Overview
A critical privilege escalation vulnerability has been identified in OpenXiangShan NEMU, the functional instruction set simulator used to model the XiangShan RISC-V processor design. Tracked as CVE-2026-29646 with a CVSS score of 9.8, the flaw affects deployments running with the RISC-V Hypervisor extension (RVH) enabled.
When a guest operating system in VS-mode (virtual supervisor mode) writes to the sie CSR (supervisor interrupt-enable register), the write is handled incorrectly by NEMU, inadvertently influencing the mie register (machine-level interrupt enable). This breaks the fundamental privilege and virtualization isolation guarantees of the RISC-V architecture, allowing a guest OS to affect machine-level interrupt state it should have no visibility into.
Affected Versions
| Component | Affected Versions |
|---|---|
| OpenXiangShan NEMU | All versions prior to commit 55295c4 |
| RVH (Hypervisor extension) | Must be enabled for exploitation |
Technical Details
CVE ID: CVE-2026-29646
CVSS Score: 9.8 (Critical)
Attack Vector: Local (guest OS in VS-mode)
Privileges Required: Low (VS-mode guest context)
Impact: Breaks privilege/virtualization isolation
CWE: CWE-269 (Improper Privilege Management)
RISC-V Privilege Model Background
The RISC-V architecture defines a layered privilege model:
| Mode | Description |
|---|---|
| M-mode (Machine) | Highest privilege; full hardware control |
| S-mode (Supervisor) | OS kernel mode |
| VS-mode (Virtual Supervisor) | Guest OS kernel mode under hypervisor |
| U-mode / VU-mode | Unprivileged user space |
The Hypervisor extension (RVH) adds a virtualization layer between M-mode and S-mode, allowing an S-mode hypervisor to run multiple VS-mode guest operating systems. A core security guarantee is that VS-mode code cannot directly influence M-mode state.
The Flaw
The sie register controls which supervisor-mode interrupts are enabled. Under RVH, a VS-mode write to sie should modify only the virtual supervisor interrupt-enable state (vsie), with the hypervisor mediating any effects on the real supervisor state. The mie register (machine interrupt-enable) should be entirely inaccessible to VS-mode.
In NEMU's implementation, this mediation is handled incorrectly: a VS-mode write to sie propagates its effects to mie, bypassing the privilege boundary. An attacker controlling a guest OS can exploit this to:
- Disable machine-level interrupts — potentially freezing timer interrupts or platform-level interrupt controller (PLIC) signals
- Enable machine-level interrupt bits — triggering spurious M-mode interrupts
- Destabilize hypervisor scheduling — corrupting the interrupt state the hypervisor relies on for guest preemption
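The following C model is added to this advisory to illustrate the write-path distinction the flaw concerns; it is not NEMU's source code. It contrasts a flawed `sie` write dispatch that ignores the virtualization bit with a corrected one that redirects a VS-mode write to `vsie`. The register layout (S-level enable bits at positions 1/5/9, VS-level bits at 2/6/10, `vsie` as a `hideleg`-masked, shifted view of `hie`) follows the RISC-V privileged specification; keeping `hie` as storage separate from `mie`, and the names `hart_t`, `csr_write_sie_flawed`, `csr_write_sie_fixed`, `guest_sie_write_touches_mie` and `vsie_after_guest_write`, are this example's own simplifications.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Interrupt bit positions from the RISC-V privileged spec:
 * S-level at 1/5/9, VS-level at 2/6/10. */
#define SSIE   (1u << 1)
#define VSSIE  (1u << 2)
#define STIE   (1u << 5)
#define VSTIE  (1u << 6)
#define SEIE   (1u << 9)
#define VSEIE  (1u << 10)
#define S_BITS  (SSIE | STIE | SEIE)
#define VS_BITS (VSSIE | VSTIE | VSEIE)

/* Simplified hart state (example model, not NEMU's structures).
 * hie is held separately from mie here; real aliasing is richer. */
typedef struct {
    bool     v;        /* virtualization bit: true while in VS/VU mode */
    uint32_t mie;      /* machine interrupt-enable */
    uint32_t mideleg;  /* interrupts M-mode delegates to HS (S positions) */
    uint32_t hie;      /* hypervisor interrupt-enable (VS positions 2/6/10) */
    uint32_t hideleg;  /* interrupts HS delegates to VS (VS positions 2/6/10) */
} hart_t;

/* vsie: hie's VS-level bits, masked by hideleg, shifted into S positions. */
static uint32_t read_vsie(const hart_t *h) {
    return (h->hie & h->hideleg & VS_BITS) >> 1;
}

/* A vsie write may only touch the hideleg-delegated VS bits of hie. */
static void write_vsie(hart_t *h, uint32_t val) {
    uint32_t mask = h->hideleg & VS_BITS;
    h->hie = (h->hie & ~mask) | ((val << 1) & mask);
}

/* HS-mode sie: an alias of the mie bits delegated through mideleg. */
static void write_sie_hs(hart_t *h, uint32_t val) {
    uint32_t mask = h->mideleg & S_BITS;
    h->mie = (h->mie & ~mask) | (val & mask);
}

/* Flawed dispatch: ignores V, so a guest's sie write lands in mie. */
void csr_write_sie_flawed(hart_t *h, uint32_t val) {
    write_sie_hs(h, val);
}

/* Corrected dispatch: with V=1 an sie access is really a vsie access. */
void csr_write_sie_fixed(hart_t *h, uint32_t val) {
    if (h->v) write_vsie(h, val);
    else      write_sie_hs(h, val);
}

/* Constructed scenario: the hypervisor relies on STIE|SEIE in mie; the guest
 * writes sie = 0 to mask its own interrupts. Returns true if mie changed,
 * i.e. the privilege boundary was crossed. */
bool guest_sie_write_touches_mie(void (*dispatch)(hart_t *, uint32_t)) {
    hart_t h = { .v = true, .mie = STIE | SEIE, .mideleg = S_BITS,
                 .hie = VSTIE | VSEIE, .hideleg = VS_BITS };
    uint32_t before = h.mie;
    dispatch(&h, 0);
    return h.mie != before;
}

/* Same scenario through the corrected path: what the guest sees in vsie. */
uint32_t vsie_after_guest_write(uint32_t val) {
    hart_t h = { .v = true, .mie = STIE | SEIE, .mideleg = S_BITS,
                 .hie = VSTIE | VSEIE, .hideleg = VS_BITS };
    csr_write_sie_fixed(&h, val);
    return read_vsie(&h);
}

int main(void) {
    printf("flawed path alters mie: %s\n",
           guest_sie_write_touches_mie(csr_write_sie_flawed) ? "yes" : "no");
    printf("fixed path alters mie:  %s\n",
           guest_sie_write_touches_mie(csr_write_sie_fixed) ? "yes" : "no");
    printf("vsie after guest writes SSIE: 0x%x\n", vsie_after_guest_write(SSIE));
    return 0;
}
```

The `guest_sie_write_touches_mie` check is the kind of regression test a simulator maintainer can keep beside the CSR code: it passes a dispatch function in and asserts that a VS-mode write leaves `mie` untouched, which pins the isolation property independently of how the alias bookkeeping is organized.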
While NEMU is a simulator used for RTL design validation and software bring-up rather than a production hypervisor, the flaw is significant in research, academic, and hardware validation environments where NEMU is used to model system behavior.
Impact
In environments using NEMU for RISC-V system software development or processor verification:
- Virtualization isolation broken — a guest OS can influence machine-level interrupt state
- Hypervisor stability at risk — corrupted mie state can cause the host hypervisor to malfunction
- Security research validity compromised — simulation results that depend on correct interrupt isolation may be invalid on unpatched NEMU
- Potential escape vector — in environments where NEMU models security boundaries, the flaw could represent a guest-to-host escape path
Timeline
| Date | Event |
|---|---|
| 2026-04-20 | CVE published to NVD |
| Fix | Commit 55295c4 in the OpenXiangShan NEMU repository |
Remediation
Update to or beyond commit 55295c4 in the OpenXiangShan NEMU repository. The fix correctly implements the write path for sie when the access originates in VS-mode, ensuring that such writes only affect vsie and do not propagate to mie.
Interim Mitigations
If updating is not immediately possible:
- Disable RVH — if the RISC-V Hypervisor extension is not required for your workload, build NEMU without RVH support to eliminate the attack surface
- Restrict guest workloads — run only trusted code in VS-mode on affected NEMU versions
- Validate simulation results — any simulation results involving nested virtualization or interrupt handling on unpatched NEMU should be treated as potentially invalid