CVE-2026-23217
Received Received - Intake
Deadlock Vulnerability in Linux Kernel RISC-V SBI Ecall Tracing

Publication date: 2026-02-18

Last updated on: 2026-03-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: riscv: trace: fix snapshot deadlock with sbi ecall If sbi_ecall.c's functions are traceable, echo "__sbi_ecall:snapshot" > /sys/kernel/tracing/set_ftrace_filter may get the kernel into a deadlock. (Functions in sbi_ecall.c are excluded from tracing if CONFIG_RISCV_ALTERNATIVE_EARLY is set.) __sbi_ecall triggers a snapshot of the ringbuffer. The snapshot code raises an IPI interrupt, which results in another call to __sbi_ecall and another snapshot... All it takes to get into this endless loop is one initial __sbi_ecall. On RISC-V systems without SSTC extension, the clock events in timer-riscv.c issue periodic sbi ecalls, making the problem easy to trigger. Always exclude the sbi_ecall.c functions from tracing to fix the potential deadlock. sbi ecalls can easiliy be logged via trace events, excluding ecall functions from function tracing is not a big limitation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-18
Last Modified
2026-03-18
Generated
2026-06-16
AI Q&A
2026-02-18
EPSS Evaluated
2026-06-14
NVD
CVE-2026-23217
EUVD
EUVD-2026-8018
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.11
linux linux_kernel From 6.10.10 (inc) to 6.11 (exc)
linux linux_kernel 6.11
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.11.1 (inc) to 6.18.10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel on RISC-V systems related to tracing functions in sbi_ecall.c. When functions in sbi_ecall.c are traceable, writing "__sbi_ecall:snapshot" to /sys/kernel/tracing/set_ftrace_filter can cause the kernel to enter a deadlock.

The issue arises because __sbi_ecall triggers a snapshot of the ringbuffer, which raises an IPI interrupt. This interrupt causes another call to __sbi_ecall and another snapshot, creating an endless loop that leads to deadlock.

On RISC-V systems without the SSTC extension, periodic sbi ecalls from timer-riscv.c make this problem easy to trigger. The recommended fix is to always exclude sbi_ecall.c functions from tracing, which prevents the deadlock.

Impact Analysis

This vulnerability can cause the Linux kernel on affected RISC-V systems to enter a deadlock state when tracing is enabled for sbi_ecall.c functions. This deadlock can halt system operations, potentially causing system freezes or crashes.

Since the deadlock is triggered by an endless loop of snapshot calls, it can severely impact system stability and availability, especially on systems without the SSTC extension where periodic sbi ecalls are common.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring if the kernel tracing includes functions from sbi_ecall.c, which may cause a deadlock.

A relevant command to check or trigger the issue is:

  • echo "__sbi_ecall:snapshot" > /sys/kernel/tracing/set_ftrace_filter

If this command causes the kernel to deadlock, it indicates the vulnerability is present.

Mitigation Strategies

To mitigate this vulnerability, always exclude the sbi_ecall.c functions from tracing.

Specifically, ensure that functions in sbi_ecall.c are not included in the ftrace filter to prevent the deadlock.

If the kernel is configured with CONFIG_RISCV_ALTERNATIVE_EARLY, these functions are already excluded from tracing.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23217. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart