N/A

XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR addresses may trigger an illegal-instruction exception but fail to reliably transfer control to the configured trap handler (mtvec), causing control-flow disruption and potentially leaving the core in a hung or unrecoverable state. This can be exploited by a local attacker able to execute code on the processor to cause a denial of service and potentially inconsistent architectural state.

N/A

N/A

XiangShan 安全漏洞

XiangShan是中国XiangShan开源的一个开源高性能RISC-V处理器项目。 XiangShan存在安全漏洞，该漏洞源于CSR子系统对异常条件处理不当，可能导致本地攻击者造成拒绝服务或架构状态不一致。

N/A

N/A