Lyrie
Critical CVE
CVSS 9.83 sources verified·1 min read
By Lyrie Threat Intelligence·4/24/2026

CRITICAL: CVE-2026-29649 (CVSS 9.8) — xiangshan nemu

CVE: CVE-2026-29649

CVSS: 9.8 (3.1) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL

Status: Critical advisory

Affected

  • xiangshan nemu

Summary

NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/CBCFE/CBZE-related fields) is incorrectly masked/updated based on menvcfg[7:4], so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to incorrect enforcement of virtualization configuration and may cause unexpected traps or denial of service when executing cache-block management instructions in virtualized contexts (V=1).

Verified Sources

References

  • https://docs.riscv.org/reference/isa/priv/hypervisor.html
  • https://docs.riscv.org/reference/isa/priv/machine.html
  • https://github.com/OpenXiangShan/NEMU/issues/681
  • https://github.com/OpenXiangShan/NEMU/pull/689

_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. No speculation._

Lyrie Verdict

A vulnerability of this severity is exactly what Lyrie's anti-rogue-AI defense is built for: continuous, autonomous monitoring that doesn't wait for human reaction time.

#xiangshan#critical

Validated sources

  1. [1]NVD
  2. [2]GitHub Advisory
  3. [3]MITRE