CVE-2026-23217
Deadlock Vulnerability in Linux Kernel RISC-V SBI Ecall Tracing
Publication date: 2026-02-18
Last updated on: 2026-03-18
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.11 |
| linux | linux_kernel | From 6.10.10 (inc) to 6.11 (exc) |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.11.1 (inc) to 6.18.10 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-667 | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel on RISC-V systems related to tracing functions in sbi_ecall.c. When functions in sbi_ecall.c are traceable, writing "__sbi_ecall:snapshot" to /sys/kernel/tracing/set_ftrace_filter can cause the kernel to enter a deadlock.
The issue arises because __sbi_ecall triggers a snapshot of the ringbuffer, which raises an IPI interrupt. This interrupt causes another call to __sbi_ecall and another snapshot, creating an endless loop that leads to deadlock.
On RISC-V systems without the SSTC extension, periodic sbi ecalls from timer-riscv.c make this problem easy to trigger. The recommended fix is to always exclude sbi_ecall.c functions from tracing, which prevents the deadlock.
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel on affected RISC-V systems to enter a deadlock state when tracing is enabled for sbi_ecall.c functions. This deadlock can halt system operations, potentially causing system freezes or crashes.
Since the deadlock is triggered by an endless loop of snapshot calls, it can severely impact system stability and availability, especially on systems without the SSTC extension where periodic sbi ecalls are common.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring if the kernel tracing includes functions from sbi_ecall.c, which may cause a deadlock.
A relevant command to check or trigger the issue is:
- echo "__sbi_ecall:snapshot" > /sys/kernel/tracing/set_ftrace_filter
If this command causes the kernel to deadlock, it indicates the vulnerability is present.
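A read-only way to answer the same question without writing the trigger, added here as an example (it is not from the original page or the kernel project): it checks whether `__sbi_ecall` is listed as traceable and whether a snapshot trigger is already set on it. It assumes the standard tracefs files `available_filter_functions` and `set_ftrace_filter`; the helper names and the sample files in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Read-only exposure check for the __sbi_ecall tracing deadlock.
# It only reads tracefs files and never writes a filter or trigger.

# 0 if function $1 is listed in available_filter_functions file $2
# (first field only, so a trailing " [module]" tag is ignored).
is_traceable() {
    awk -v fn="$1" '$1 == fn { hit = 1 } END { exit !hit }' "$2"
}

# 0 if set_ftrace_filter file $2 holds a snapshot trigger on function $1.
has_snapshot_trigger() {
    grep -q "^$1:snapshot" "$2"
}

# check_sbi_ecall AVAILABLE_FILE FILTER_FILE [FUNCTION]
# returns 0 = not traceable, 1 = traceable, 2 = snapshot trigger set,
#         3 = files unreadable (no tracefs access, cannot tell)
check_sbi_ecall() {
    fn=${3:-__sbi_ecall}
    if [ ! -r "$1" ] || [ ! -r "$2" ]; then
        echo "unknown: cannot read $1 or $2"; return 3
    fi
    if has_snapshot_trigger "$fn" "$2"; then
        echo "ARMED: $fn has a snapshot trigger in $2"; return 2
    fi
    if is_traceable "$fn" "$1"; then
        echo "exposed: $fn is traceable on this kernel"; return 1
    fi
    echo "ok: $fn is excluded from tracing"; return 0
}

# Dry run on constructed sample files (not captured from a real system).
demo() {
    demo_dir=$(mktemp -d) || return 3
    printf '%s\n' 'schedule' '__sbi_ecall' 'example_fn [example_mod]' \
        > "$demo_dir/avail"
    printf '%s\n' '#### all functions enabled ####' > "$demo_dir/filter"
    demo_rc=0
    check_sbi_ecall "$demo_dir/avail" "$demo_dir/filter" || demo_rc=$?
    rm -rf "$demo_dir"
    return "$demo_rc"
}

# On a live RISC-V host (as root):
#   T=/sys/kernel/tracing
#   check_sbi_ecall "$T/available_filter_functions" "$T/set_ftrace_filter"
```

A return of 0 means the function cannot be selected for tracing, which is the state the fix described on this page produces.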
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, always exclude the sbi_ecall.c functions from tracing.
Specifically, ensure that functions in sbi_ecall.c are not included in the ftrace filter to prevent the deadlock.
If the kernel is configured with CONFIG_RISCV_ALTERNATIVE_EARLY, these functions are already excluded from tracing.