CVE-2026-23287
Received - Intake
Interrupt Handling Deadlock in Linux sifive-plic Due to Affinity Misconfiguration

Publication date: 2026-03-25

Last updated on: 2026-03-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

irqchip/sifive-plic: Fix frozen interrupt due to affinity setting

PLIC ignores interrupt completion message for disabled interrupt, explained by the specification:

    The PLIC signals it has completed executing an interrupt handler by writing the interrupt ID it received from the claim to the claim/complete register. The PLIC does not check whether the completion ID is the same as the last claim ID for that target. If the completion ID does not match an interrupt source that is currently enabled for the target, the completion is silently ignored.

This caused problems in the past, because an interrupt can be disabled while still being handled and plic_irq_eoi() had no effect. That was fixed by checking if the interrupt is disabled, and if so enable it, before sending the completion message. That check is done with irqd_irq_disabled().

However, that is not sufficient because the enable bit for the handling hart can be zero despite irqd_irq_disabled(d) being false. This can happen when affinity setting is changed while a hart is still handling the interrupt.

This problem is easily reproducible by dumping a large file to uart (which generates lots of interrupts) and at the same time keep changing the uart interrupt's affinity setting. The uart port becomes frozen almost instantaneously.

Fix this by checking PLIC's enable bit instead of irqd_irq_disabled().
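
The race in the description, reduced to a small user-space C model. This is an added example, not the kernel driver's code: the struct and function names are hypothetical, and the PLIC is simplified to one interrupt source and two harts.

```c
#include <stdbool.h>
#include <stdio.h>
#define NHARTS 2

/* Toy model of one PLIC source (constructed for illustration, not driver code). */
struct plic {
    bool enable[NHARTS]; /* per-hart enable bit for the source */
    bool in_service;     /* claimed; completion not yet accepted */
};

/* Spec: a completion for a source not enabled for this target is ignored. */
static void plic_complete(struct plic *p, int hart)
{
    if (p->enable[hart])
        p->in_service = false;
}

/* Affinity change moves the enable bit, even while a handler is running. */
static void set_affinity(struct plic *p, int new_hart)
{
    for (int h = 0; h < NHARTS; h++)
        p->enable[h] = (h == new_hart);
}

/* EOI path: briefly enable the source when the check says it is needed. */
static void eoi(struct plic *p, int hart, bool need_enable)
{
    bool saved = p->enable[hart];
    if (need_enable)
        p->enable[hart] = true;
    plic_complete(p, hart);
    p->enable[hart] = saved;
}

/* Returns true when the source is still stuck in service after EOI. */
static bool frozen_after_race(bool check_enable_bit)
{
    struct plic p = { .enable = { true, false }, .in_service = true }; /* hart 0 claimed */
    bool irqd_disabled = false;   /* software state: IRQ is not disabled */

    set_affinity(&p, 1);          /* changed while hart 0 is still in the handler */
    eoi(&p, 0, check_enable_bit ? !p.enable[0] : irqd_disabled);
    return p.in_service;
}

int main(void)
{
    printf("old check frozen=%d, enable-bit check frozen=%d\n", frozen_after_race(false), frozen_after_race(true));
    return 0;
}
```

With the software-state check the completion from hart 0 is dropped and the source stays in service; with the enable-bit check the completion is accepted.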
Meta Information
Published: 2026-03-25
Last Modified: 2026-03-25
Generated: 2026-05-07
AI Q&A: 2026-03-25
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
linux | kernel | *
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's irqchip/sifive-plic component, where the Platform-Level Interrupt Controller (PLIC) mishandles interrupt completion messages when interrupts are disabled or their affinity settings are changed.

Specifically, the PLIC signals completion of an interrupt by writing the interrupt ID to a claim/complete register without verifying if the interrupt is currently enabled for the target processor (hart). If the interrupt is disabled during handling, the completion message is ignored, causing the interrupt to remain frozen.

The issue is exacerbated when the interrupt's affinity setting is changed while the interrupt is still being handled, leading to the interrupt enable bit being zero despite checks indicating otherwise. This causes the UART port to freeze when many interrupts occur and affinity is changed simultaneously.

The fix involves checking the PLIC's enable bit directly before sending the completion message, ensuring interrupts are properly completed and preventing the freeze.


How can this vulnerability impact me?

This vulnerability can cause interrupts to become frozen or unresponsive, particularly in scenarios with frequent interrupts and changing affinity settings, such as dumping large files to a UART port.

As a result, hardware components relying on interrupts, like UART ports, may stop functioning correctly, leading to system instability or degraded performance.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability manifests as a frozen interrupt in the Linux kernel's irqchip/sifive-plic driver when the interrupt affinity setting is changed while the interrupt is still being handled.

A practical way to reproduce or detect this issue is by dumping a large file to the UART device, which generates many interrupts, while simultaneously changing the UART interrupt's affinity setting. If the UART port becomes frozen almost immediately, it indicates the presence of this vulnerability.

No specific commands are provided in the available information to detect this vulnerability directly.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability was fixed by modifying the irqchip/sifive-plic driver to check the PLIC's enable bit instead of relying on irqd_irq_disabled() before sending the interrupt completion message.

Immediate mitigation steps would involve updating the Linux kernel to a version that includes this fix.

No other specific mitigation commands or workarounds are provided in the available information.

