CVE-2026-23287 (GCVE-0-2026-23287)

Vulnerability from cvelistv5 – Published: 2026-03-25 10:26 – Updated: 2026-04-13 06:03
VLAI?
Title
irqchip/sifive-plic: Fix frozen interrupt due to affinity setting
Summary
In the Linux kernel, the following vulnerability has been resolved: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting PLIC ignores interrupt completion message for disabled interrupt, explained by the specification: The PLIC signals it has completed executing an interrupt handler by writing the interrupt ID it received from the claim to the claim/complete register. The PLIC does not check whether the completion ID is the same as the last claim ID for that target. If the completion ID does not match an interrupt source that is currently enabled for the target, the completion is silently ignored. This caused problems in the past, because an interrupt can be disabled while still being handled and plic_irq_eoi() had no effect. That was fixed by checking if the interrupt is disabled, and if so enable it, before sending the completion message. That check is done with irqd_irq_disabled(). However, that is not sufficient because the enable bit for the handling hart can be zero despite irqd_irq_disabled(d) being false. This can happen when affinity setting is changed while a hart is still handling the interrupt. This problem is easily reproducible by dumping a large file to uart (which generates lots of interrupts) and at the same time keep changing the uart interrupt's affinity setting. The uart port becomes frozen almost instantaneously. Fix this by checking PLIC's enable bit instead of irqd_irq_disabled().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: cc9f04f9a84f745949e325661550ed14bd0ff322 , < 8942fb1a5bc2dcbd88f7e656d109d42f778f298f (git)
Affected: cc9f04f9a84f745949e325661550ed14bd0ff322 , < 2edbd173309165d103be6c73bd83e459dc45ae7b (git)
Affected: cc9f04f9a84f745949e325661550ed14bd0ff322 , < 686eb378a4a51aa967e08337dd59daade16aec0f (git)
Affected: cc9f04f9a84f745949e325661550ed14bd0ff322 , < 1883332bf21feb8871af09daf604fc4836a76925 (git)
Affected: cc9f04f9a84f745949e325661550ed14bd0ff322 , < f611791a927141d05d7030607dea6372311c1413 (git)
Affected: cc9f04f9a84f745949e325661550ed14bd0ff322 , < 1072020685f4b81f6efad3b412cdae0bd62bb043 (git)
Create a notification for this product.
    Linux Linux Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 6.1.167 , ≤ 6.1.* (semver)
Unaffected: 6.6.130 , ≤ 6.6.* (semver)
Unaffected: 6.12.77 , ≤ 6.12.* (semver)
Unaffected: 6.18.17 , ≤ 6.18.* (semver)
Unaffected: 6.19.7 , ≤ 6.19.* (semver)
Unaffected: 7.0 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/irqchip/irq-sifive-plic.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8942fb1a5bc2dcbd88f7e656d109d42f778f298f",
              "status": "affected",
              "version": "cc9f04f9a84f745949e325661550ed14bd0ff322",
              "versionType": "git"
            },
            {
              "lessThan": "2edbd173309165d103be6c73bd83e459dc45ae7b",
              "status": "affected",
              "version": "cc9f04f9a84f745949e325661550ed14bd0ff322",
              "versionType": "git"
            },
            {
              "lessThan": "686eb378a4a51aa967e08337dd59daade16aec0f",
              "status": "affected",
              "version": "cc9f04f9a84f745949e325661550ed14bd0ff322",
              "versionType": "git"
            },
            {
              "lessThan": "1883332bf21feb8871af09daf604fc4836a76925",
              "status": "affected",
              "version": "cc9f04f9a84f745949e325661550ed14bd0ff322",
              "versionType": "git"
            },
            {
              "lessThan": "f611791a927141d05d7030607dea6372311c1413",
              "status": "affected",
              "version": "cc9f04f9a84f745949e325661550ed14bd0ff322",
              "versionType": "git"
            },
            {
              "lessThan": "1072020685f4b81f6efad3b412cdae0bd62bb043",
              "status": "affected",
              "version": "cc9f04f9a84f745949e325661550ed14bd0ff322",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/irqchip/irq-sifive-plic.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.130",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.167",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.130",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.77",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.17",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.7",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/sifive-plic: Fix frozen interrupt due to affinity setting\n\nPLIC ignores interrupt completion message for disabled interrupt, explained\nby the specification:\n\n    The PLIC signals it has completed executing an interrupt handler by\n    writing the interrupt ID it received from the claim to the\n    claim/complete register. The PLIC does not check whether the completion\n    ID is the same as the last claim ID for that target. If the completion\n    ID does not match an interrupt source that is currently enabled for\n    the target, the completion is silently ignored.\n\nThis caused problems in the past, because an interrupt can be disabled\nwhile still being handled and plic_irq_eoi() had no effect. That was fixed\nby checking if the interrupt is disabled, and if so enable it, before\nsending the completion message. That check is done with irqd_irq_disabled().\n\nHowever, that is not sufficient because the enable bit for the handling\nhart can be zero despite irqd_irq_disabled(d) being false. This can happen\nwhen affinity setting is changed while a hart is still handling the\ninterrupt.\n\nThis problem is easily reproducible by dumping a large file to uart (which\ngenerates lots of interrupts) and at the same time keep changing the uart\ninterrupt\u0027s affinity setting. The uart port becomes frozen almost\ninstantaneously.\n\nFix this by checking PLIC\u0027s enable bit instead of irqd_irq_disabled()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T06:03:39.630Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8942fb1a5bc2dcbd88f7e656d109d42f778f298f"
        },
        {
          "url": "https://git.kernel.org/stable/c/2edbd173309165d103be6c73bd83e459dc45ae7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/686eb378a4a51aa967e08337dd59daade16aec0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/1883332bf21feb8871af09daf604fc4836a76925"
        },
        {
          "url": "https://git.kernel.org/stable/c/f611791a927141d05d7030607dea6372311c1413"
        },
        {
          "url": "https://git.kernel.org/stable/c/1072020685f4b81f6efad3b412cdae0bd62bb043"
        }
      ],
      "title": "irqchip/sifive-plic: Fix frozen interrupt due to affinity setting",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23287",
    "datePublished": "2026-03-25T10:26:46.363Z",
    "dateReserved": "2026-01-13T15:37:45.992Z",
    "dateUpdated": "2026-04-13T06:03:39.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-23287",
      "date": "2026-05-09",
      "epss": "0.00035",
      "percentile": "0.10369"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-23287\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-03-25T11:16:23.583\",\"lastModified\":\"2026-03-25T15:41:33.977\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nirqchip/sifive-plic: Fix frozen interrupt due to affinity setting\\n\\nPLIC ignores interrupt completion message for disabled interrupt, explained\\nby the specification:\\n\\n    The PLIC signals it has completed executing an interrupt handler by\\n    writing the interrupt ID it received from the claim to the\\n    claim/complete register. The PLIC does not check whether the completion\\n    ID is the same as the last claim ID for that target. If the completion\\n    ID does not match an interrupt source that is currently enabled for\\n    the target, the completion is silently ignored.\\n\\nThis caused problems in the past, because an interrupt can be disabled\\nwhile still being handled and plic_irq_eoi() had no effect. That was fixed\\nby checking if the interrupt is disabled, and if so enable it, before\\nsending the completion message. That check is done with irqd_irq_disabled().\\n\\nHowever, that is not sufficient because the enable bit for the handling\\nhart can be zero despite irqd_irq_disabled(d) being false. This can happen\\nwhen affinity setting is changed while a hart is still handling the\\ninterrupt.\\n\\nThis problem is easily reproducible by dumping a large file to uart (which\\ngenerates lots of interrupts) and at the same time keep changing the uart\\ninterrupt\u0027s affinity setting. The uart port becomes frozen almost\\ninstantaneously.\\n\\nFix this by checking PLIC\u0027s enable bit instead of irqd_irq_disabled().\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1072020685f4b81f6efad3b412cdae0bd62bb043\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1883332bf21feb8871af09daf604fc4836a76925\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2edbd173309165d103be6c73bd83e459dc45ae7b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/686eb378a4a51aa967e08337dd59daade16aec0f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8942fb1a5bc2dcbd88f7e656d109d42f778f298f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f611791a927141d05d7030607dea6372311c1413\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.