CVE-2026-29646 Overview
CVE-2026-29646 is a critical privilege isolation bypass vulnerability in OpenXiangShan NEMU prior to commit 55295c4. When running with RVH (RISC-V Hypervisor extension) enabled, a VS-mode guest write to the supervisor interrupt-enable CSR (sie) may be handled incorrectly and can influence machine-level interrupt enable state (mie). This breaks privilege/virtualization isolation and can lead to denial of service or privilege-boundary violation in environments relying on NEMU for correct interrupt virtualization.
Critical Impact
A malicious guest operating system can manipulate machine-level interrupt state from VS-mode, breaking fundamental virtualization isolation guarantees and potentially enabling privilege escalation or denial of service attacks against the hypervisor.
Affected Products
- OpenXiangShan NEMU prior to commit 55295c4
- NEMU configurations with RVH (Hypervisor extension) enabled
- RISC-V virtualization environments using affected NEMU versions
Discovery Timeline
- 2026-04-20 - CVE-2026-29646 published to NVD
- 2026-04-21 - Last updated in NVD database
Technical Details for CVE-2026-29646
Vulnerability Analysis
This vulnerability affects the RISC-V interrupt virtualization logic within OpenXiangShan NEMU, a popular open-source RISC-V emulator. The flaw resides in how the emulator handles writes to the supervisor interrupt-enable Control and Status Register (CSR) when operating in VS-mode (Virtual Supervisor mode) with the Hypervisor extension active.
In a correctly implemented RISC-V hypervisor environment, VS-mode operations should be completely isolated from machine-level state. When a guest runs with virtualization mode active (V=1), an access to the sie CSR address is redirected to vsie, the virtual supervisor interrupt-enable register that the hypervisor controls, and never reaches the machine-level registers. However, due to incorrect CSR handling logic in NEMU, writes intended for the virtualized sie register can erroneously propagate to the machine-level interrupt enable register (mie).
This represents a fundamental violation of the RISC-V privilege architecture, where operations at lower privilege levels should never directly affect higher privilege state. The vulnerability is classified under CWE-267 (Privilege Defined With Unsafe Actions), as the emulator grants VS-mode software the unintended capability to influence M-mode interrupt configuration.
Root Cause
The root cause is improper CSR address virtualization in NEMU's hypervisor extension implementation. When processing CSR write instructions targeting the sie register from VS-mode context, the emulator fails to properly redirect the operation to the virtualized state (vsie) and instead allows the write to affect machine-level interrupt enable bits in the mie register. This indicates a missing or incorrect privilege level check in the CSR write handling path.
Attack Vector
An attacker with the ability to execute code within a VS-mode guest can exploit this vulnerability through the following approach:
The attack leverages standard RISC-V CSR write instructions to the sie register from within a guest operating system. Under normal circumstances, these writes should only affect the guest's virtualized interrupt enable state. However, due to the flawed CSR handling, the writes propagate to machine-level state.
An attacker could craft specific bit patterns written to sie that, when incorrectly applied to mie, would disable critical machine-level interrupts. This could prevent the hypervisor from receiving timer interrupts (necessary for preemption), external interrupts (necessary for I/O), or software interrupts (necessary for inter-processor communication). The result is a denial of service condition affecting all guests on the affected NEMU instance, or potential privilege escalation if the interrupt manipulation creates exploitable race conditions.
Detection Methods for CVE-2026-29646
Indicators of Compromise
- Unexpected changes to machine-level interrupt enable state (mie register) coinciding with guest CSR operations
- Guest virtual machines exhibiting the ability to affect host interrupt delivery
- System instability or hangs following guest sie register writes
- Anomalous interrupt behavior in hypervisor logs during guest execution
Detection Strategies
- Monitor NEMU execution logs for CSR write operations targeting sie from VS-mode contexts
- Implement integrity checks on mie register state before and after guest CSR operations
- Deploy RISC-V architectural compliance tests to detect privilege boundary violations
- Enable verbose CSR tracing in development and testing environments to catch errant state modifications
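The following C program is a constructed model, added for this page and not taken from NEMU, of the sie write path the Root Cause section describes and of the mie integrity check listed under Detection Strategies. The function names (write_sie_buggy, write_sie_fixed, guest_sie_write_violates_mie), the starting register values and the simplified masking are assumptions made for the example; only the CSR bit positions and the V=1 redirection of sie to vsie come from the RISC-V privileged specification.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/*
 * Constructed model of the CSR state involved in CVE-2026-29646.
 * This is an illustration written for this page, not NEMU source.
 * Field positions follow the RISC-V privileged spec; the handler
 * names, the starting values and the integrity check are assumptions.
 */
typedef struct {
    uint64_t mie;      /* M-mode interrupt-enable */
    uint64_t mideleg;  /* interrupts delegated from M-mode to HS-mode */
    uint64_t vsie;     /* VS-mode interrupt-enable: the guest's view of sie */
    bool v;            /* virtualization mode: true while a VS-mode guest runs */
} csr_state;

/* Supervisor-level interrupt-enable bits: SSIE (1), STIE (5), SEIE (9) */
#define SIE_MASK  ((1ULL << 1) | (1ULL << 5) | (1ULL << 9))

typedef void (*sie_writer)(csr_state *, uint64_t);

/* Flawed handler (the behaviour the advisory describes): a sie write is
 * applied to mie regardless of V, so guest state reaches M-mode state. */
static void write_sie_buggy(csr_state *s, uint64_t val)
{
    s->mie = (s->mie & ~SIE_MASK) | (val & SIE_MASK);
}

/* Corrected handler: with V=1 the sie address is redirected to vsie; with
 * V=0 sie behaves as the mideleg-masked view of mie that HS-mode may edit. */
static void write_sie_fixed(csr_state *s, uint64_t val)
{
    if (s->v) {
        s->vsie = val & SIE_MASK;   /* guest-visible state only */
        return;
    }
    uint64_t writable = s->mideleg & SIE_MASK;
    s->mie = (s->mie & ~writable) | (val & writable);
}

/* Detection check from the advisory: snapshot mie around a guest CSR
 * operation and flag any change made while V=1. Returns true when the
 * guest write modified mie, i.e. a privilege-isolation violation. */
static bool guest_sie_write_violates_mie(csr_state *s, sie_writer w, uint64_t val)
{
    uint64_t before = s->mie;
    w(s, val);
    return s->v && s->mie != before;
}

/* Constructed starting state: M- and S-level enables set, S-level
 * interrupts delegated to HS-mode, a VS-mode guest running. */
static csr_state guest_state(void)
{
    csr_state s = { .mie = 0xAAA, .mideleg = 0x222, .vsie = 0, .v = true };
    return s;
}

static bool buggy_trips_check(void)
{
    csr_state s = guest_state();
    return guest_sie_write_violates_mie(&s, write_sie_buggy, 0);
}

static bool fixed_trips_check(void)
{
    csr_state s = guest_state();
    return guest_sie_write_violates_mie(&s, write_sie_fixed, 0);
}

static uint64_t mie_after_fixed_guest_write(uint64_t val)
{
    csr_state s = guest_state();
    write_sie_fixed(&s, val);
    return s.mie;
}

static uint64_t vsie_after_fixed_guest_write(uint64_t val)
{
    csr_state s = guest_state();
    write_sie_fixed(&s, val);
    return s.vsie;
}

/* Same write issued from HS-mode (V=0): delegated bits of mie legitimately change. */
static uint64_t mie_after_hs_write(uint64_t val)
{
    csr_state s = guest_state();
    s.v = false;
    write_sie_fixed(&s, val);
    return s.mie;
}

int main(void)
{
    printf("buggy handler changed mie on guest write: %s\n", buggy_trips_check() ? "yes" : "no");
    printf("fixed handler changed mie on guest write: %s\n", fixed_trips_check() ? "yes" : "no");
    printf("mie after HS-mode write of 0: 0x%llx\n", (unsigned long long)mie_after_hs_write(0));
    return 0;
}
```

The model deliberately omits hideleg and the aliasing of vsie onto hie bits, which a real implementation must honour; the point it keeps is the one the advisory makes: with V=1 a sie write must change only vsie, and a before/after snapshot of mie around every guest CSR write is enough to catch an implementation that gets this wrong.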
Monitoring Recommendations
- Instrument NEMU builds with CSR access logging for security-critical deployments
- Implement automated regression testing using the RISC-V Architecture Test Suite for hypervisor extension compliance
- Monitor for unexpected guest behavior patterns that could indicate exploitation attempts
- Track NEMU version deployments to ensure prompt identification of vulnerable instances
How to Mitigate CVE-2026-29646
Immediate Actions Required
- Update OpenXiangShan NEMU to commit 55295c4 or later immediately
- Audit any environments using NEMU with RVH extension enabled for signs of exploitation
- Consider temporarily disabling the Hypervisor extension if updating is not immediately possible
- Review guest workloads for potentially malicious code targeting interrupt manipulation
Patch Information
The vulnerability has been addressed in OpenXiangShan NEMU commit 55295c46580456d8d5a9d5736e1fda924b8825ab. The fix is available through Pull Request #938 on the official GitHub repository. Additional details about the vulnerability are documented in Issue #951.
Organizations should update to the patched version by pulling the latest changes from the NEMU repository and rebuilding. The commit details show the specific CSR handling corrections applied to properly virtualize sie register access in VS-mode contexts.
Workarounds
- Disable the RVH (Hypervisor extension) feature if virtualization is not required for your use case
- Run only trusted guest operating systems until the patch can be applied
- Implement network isolation for systems running vulnerable NEMU instances to limit remote attack surface
- Consider using alternative RISC-V emulators with verified hypervisor extension implementations for security-critical workloads
# Update NEMU to the patched version (the fix commit from Pull Request #938)
cd /path/to/NEMU
git fetch origin
git checkout 55295c46580456d8d5a9d5736e1fda924b8825ab
make clean && make
# Verify the checked-out tree contains the fix; this succeeds for the fix commit itself or any later commit that includes it
git merge-base --is-ancestor 55295c46580456d8d5a9d5736e1fda924b8825ab HEAD && echo "Patched version confirmed"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

