OpenXiangShan NEMU Smstateen Permission Enforcement Vulnerability
Vulnerability
A vulnerability in OpenXiangShan NEMU allows lower-privileged code to access IMSIC state through the stopei and vstopei CSRs even when the IMSIC bit (bit 58) of mstateen0 is cleared. The flaw is a missing Smstateen permission check: the emulator completes the CSR access instead of raising the illegal-instruction exception the extension requires, which can lead to cross-context information leakage or disruption of interrupt handling.
Impact
Exploitation of this vulnerability could result in unauthorized access to IMSIC state, allowing for potential information leakage between contexts or interference with interrupt management.
Reproduction
To reproduce this vulnerability, clear the IMSIC bit (bit 58) in the mstateen0 register, switch the hart to supervisor mode (privilege level 1), and then read the stopei or vstopei CSR. Under Smstateen the access must raise an illegal-instruction exception; in the affected NEMU versions it completes and returns the IMSIC state instead.
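The following C reference model is an added example, not code from NEMU or the OpenXiangShan project. It encodes the permission check that Smstateen requires for the IMSIC CSRs and goes beyond the advisory's single case to cover M-mode, U-mode and virtualized (VS-mode, hstateen0) accesses as the specifications describe them. The CSR numbers and the bit position are taken from the RISC-V AIA and Smstateen specifications; the hart_state structure, the function names and the enforce_smstateen flag (which, when false, models the skipped check described above) are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* RISC-V privilege levels, as encoded in the privileged specification. */
enum priv { PRV_U = 0, PRV_S = 1, PRV_M = 3 };

/* CSR numbers from the RISC-V AIA specification. Bits [9:8] of a CSR
 * number encode the lowest privilege level that may access it. */
#define CSR_STOPEI  0x15C   /* supervisor top external interrupt */
#define CSR_VSTOPEI 0x25C   /* virtual supervisor top external interrupt */
#define CSR_MTOPEI  0x35C   /* machine top external interrupt */

/* Smstateen: bit 58 of mstateen0 (and of hstateen0) gates IMSIC CSR access. */
#define STATEEN0_IMSIC (1ULL << 58)

/* Outcome of a CSR access; trap values match the mcause exception codes. */
enum access_result {
    ACCESS_OK = -1,
    TRAP_ILLEGAL_INSTRUCTION = 2,
    TRAP_VIRTUAL_INSTRUCTION = 22,
};

/* Hypothetical hart state; only the fields the check needs. */
struct hart_state {
    enum priv prv;        /* current privilege mode */
    bool      virt;       /* true when running virtualized (VS/VU-mode) */
    uint64_t  mstateen0;
    uint64_t  hstateen0;
};

static bool is_imsic_csr(uint32_t csr)
{
    return csr == CSR_STOPEI || csr == CSR_VSTOPEI || csr == CSR_MTOPEI;
}

/* Reference model of the permission check for an IMSIC CSR access.
 * enforce_smstateen=false skips the Smstateen step, modelling the
 * behaviour the advisory describes (hypothetical; not NEMU's own logic). */
enum access_result imsic_csr_access(const struct hart_state *h, uint32_t csr,
                                    bool enforce_smstateen)
{
    /* Only the three IMSIC CSRs are modelled; anything else is treated as
     * an unimplemented CSR, which traps as an illegal instruction. */
    if (!is_imsic_csr(csr))
        return TRAP_ILLEGAL_INSTRUCTION;

    unsigned csr_prv = (csr >> 8) & 3;

    /* M-mode owns the stateen bits and is never subject to them. */
    if (h->prv == PRV_M)
        return ACCESS_OK;

    /* Machine-level CSRs are illegal from any lower mode, virtualized or not. */
    if (csr_prv == PRV_M)
        return TRAP_ILLEGAL_INSTRUCTION;

    /* Hypervisor/VS-level CSRs touched from VS/VU-mode raise a virtual
     * instruction exception so the hypervisor can emulate them. */
    if (h->virt && csr_prv == 2)
        return TRAP_VIRTUAL_INSTRUCTION;

    /* Ordinary CSR privilege check (U-mode cannot reach S-level CSRs). */
    if (h->prv < csr_prv)
        return TRAP_ILLEGAL_INSTRUCTION;

    if (enforce_smstateen) {
        /* mstateen0.IMSIC clear: illegal instruction for every mode below M. */
        if (!(h->mstateen0 & STATEEN0_IMSIC))
            return TRAP_ILLEGAL_INSTRUCTION;
        /* hstateen0.IMSIC clear: virtual instruction when virtualized. */
        if (h->virt && !(h->hstateen0 & STATEEN0_IMSIC))
            return TRAP_VIRTUAL_INSTRUCTION;
    }
    return ACCESS_OK;
}

/* Convenience wrapper: build a hart state and run the check. */
enum access_result check(enum priv prv, bool virt, uint64_t mstateen0,
                         uint64_t hstateen0, uint32_t csr, bool enforce)
{
    struct hart_state h = { prv, virt, mstateen0, hstateen0 };
    return imsic_csr_access(&h, csr, enforce);
}

int main(void)
{
    /* The advisory's reproduction: S-mode, mstateen0.IMSIC = 0, read stopei. */
    printf("with Smstateen check:    %d (2 = illegal instruction)\n",
           check(PRV_S, false, 0, 0, CSR_STOPEI, true));
    printf("without Smstateen check: %d (-1 = access completes)\n",
           check(PRV_S, false, 0, 0, CSR_STOPEI, false));
    return 0;
}
```

The order of the checks matters: a clear mstateen0.IMSIC bit must win over hstateen0 (illegal instruction rather than virtual instruction), and M-mode must bypass the stateen gate entirely, otherwise firmware could lock itself out of the interrupt controller.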
Remediation
Update to a version of OpenXiangShan NEMU that includes the fix; the latest release enforces the mstateen0.IMSIC check on stopei and vstopei accesses.
