GHSA-787P-86V4-HHFG

Vulnerability from github – Published: 2026-02-18 15:31 – Updated: 2026-02-18 15:31
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

riscv: trace: fix snapshot deadlock with sbi ecall

If sbi_ecall.c's functions are traceable,

echo "__sbi_ecall:snapshot" > /sys/kernel/tracing/set_ftrace_filter

may get the kernel into a deadlock.

(Functions in sbi_ecall.c are excluded from tracing if CONFIG_RISCV_ALTERNATIVE_EARLY is set.)

__sbi_ecall triggers a snapshot of the ringbuffer. The snapshot code raises an IPI interrupt, which results in another call to __sbi_ecall and another snapshot...

All it takes to get into this endless loop is one initial __sbi_ecall. On RISC-V systems without SSTC extension, the clock events in timer-riscv.c issue periodic sbi ecalls, making the problem easy to trigger.

Always exclude the sbi_ecall.c functions from tracing to fix the potential deadlock.

sbi ecalls can easiliy be logged via trace events, excluding ecall functions from function tracing is not a big limitation.

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2026-23217"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-18T15:18:43Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: trace: fix snapshot deadlock with sbi ecall\n\nIf sbi_ecall.c\u0027s functions are traceable,\n\necho \"__sbi_ecall:snapshot\" \u003e /sys/kernel/tracing/set_ftrace_filter\n\nmay get the kernel into a deadlock.\n\n(Functions in sbi_ecall.c are excluded from tracing if\nCONFIG_RISCV_ALTERNATIVE_EARLY is set.)\n\n__sbi_ecall triggers a snapshot of the ringbuffer. The snapshot code\nraises an IPI interrupt, which results in another call to __sbi_ecall\nand another snapshot...\n\nAll it takes to get into this endless loop is one initial __sbi_ecall.\nOn RISC-V systems without SSTC extension, the clock events in\ntimer-riscv.c issue periodic sbi ecalls, making the problem easy to\ntrigger.\n\nAlways exclude the sbi_ecall.c functions from tracing to fix the\npotential deadlock.\n\nsbi ecalls can easiliy be logged via trace events, excluding ecall\nfunctions from function tracing is not a big limitation.",
  "id": "GHSA-787p-86v4-hhfg",
  "modified": "2026-02-18T15:31:27Z",
  "published": "2026-02-18T15:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23217"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0d7f5f0c9f05f1b6d4ee7110f15bef9c11f9df0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b1f8285bc8e3508c1fde23b5205f1270215d4984"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.