This vulnerability affects OpenXiangShan NEMU's handling of state-enable controls. Specifically, when Smstateen is enabled, clearing the mstateen0.ENVCFG CSR fails to enforce proper access restrictions on the henvcfg and senvcfg CSRs. Consequently, code running with lower privileges may access these CSRs without exceptions, undermining the intended isolation between privilege levels or virtualized contexts. No CVSS score or patch information is currently available, and no known exploits have been reported.

The impact of this vulnerability is that less-privileged code can bypass intended isolation mechanisms by reading or writing privileged CSRs (henvcfg and senvcfg) without triggering exceptions. This could compromise the security boundaries in virtualized or multi-privilege environments, potentially leading to unauthorized access or control escalation within the system. However, no known exploits are reported at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should monitor vendor communications for updates. No specific mitigations are provided in the available data.