CVE-2026-29645

EUVD-2026-23937

20.04.2026, 20:16

NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV) decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings to be misinterpreted and executed as vset* configuration instructions rather than raising an illegal-instruction exception. This can be exploited by providing crafted RISC-V binaries to cause incorrect trap behavior, architectural state corruption/divergence, and potential denial of service in systems that rely on NEMU for correct execution or sandboxing.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

References

https://docs.riscv.org/reference/isa/unpriv/v-st-ext.html

https://github.com/OpenXiangShan/NEMU/commit/481de637d5fc5838356caee80a79e56a33754039

https://github.com/OpenXiangShan/NEMU/issues/952

https://github.com/OpenXiangShan/NEMU/pull/958