{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23287", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.992Z", "datePublished": "2026-03-25T10:26:46.363Z", "dateUpdated": "2026-03-25T10:26:46.363Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:26:46.363Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/sifive-plic: Fix frozen interrupt due to affinity setting\n\nPLIC ignores interrupt completion message for disabled interrupt, explained\nby the specification:\n\n The PLIC signals it has completed executing an interrupt handler by\n writing the interrupt ID it received from the claim to the\n claim/complete register. The PLIC does not check whether the completion\n ID is the same as the last claim ID for that target. If the completion\n ID does not match an interrupt source that is currently enabled for\n the target, the completion is silently ignored.\n\nThis caused problems in the past, because an interrupt can be disabled\nwhile still being handled and plic_irq_eoi() had no effect. That was fixed\nby checking if the interrupt is disabled, and if so enable it, before\nsending the completion message. That check is done with irqd_irq_disabled().\n\nHowever, that is not sufficient because the enable bit for the handling\nhart can be zero despite irqd_irq_disabled(d) being false. This can happen\nwhen affinity setting is changed while a hart is still handling the\ninterrupt.\n\nThis problem is easily reproducible by dumping a large file to uart (which\ngenerates lots of interrupts) and at the same time keep changing the uart\ninterrupt's affinity setting. The uart port becomes frozen almost\ninstantaneously.\n\nFix this by checking PLIC's enable bit instead of irqd_irq_disabled()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/irqchip/irq-sifive-plic.c"], "versions": [{"version": "cc9f04f9a84f745949e325661550ed14bd0ff322", "lessThan": "8942fb1a5bc2dcbd88f7e656d109d42f778f298f", "status": "affected", "versionType": "git"}, {"version": "cc9f04f9a84f745949e325661550ed14bd0ff322", "lessThan": "2edbd173309165d103be6c73bd83e459dc45ae7b", "status": "affected", "versionType": "git"}, {"version": "cc9f04f9a84f745949e325661550ed14bd0ff322", "lessThan": "686eb378a4a51aa967e08337dd59daade16aec0f", "status": "affected", "versionType": "git"}, {"version": "cc9f04f9a84f745949e325661550ed14bd0ff322", "lessThan": "1883332bf21feb8871af09daf604fc4836a76925", "status": "affected", "versionType": "git"}, {"version": "cc9f04f9a84f745949e325661550ed14bd0ff322", "lessThan": "f611791a927141d05d7030607dea6372311c1413", "status": "affected", "versionType": "git"}, {"version": "cc9f04f9a84f745949e325661550ed14bd0ff322", "lessThan": "1072020685f4b81f6efad3b412cdae0bd62bb043", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/irqchip/irq-sifive-plic.c"], "versions": [{"version": "5.1", "status": "affected"}, {"version": "0", "lessThan": "5.1", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8942fb1a5bc2dcbd88f7e656d109d42f778f298f"}, {"url": "https://git.kernel.org/stable/c/2edbd173309165d103be6c73bd83e459dc45ae7b"}, {"url": "https://git.kernel.org/stable/c/686eb378a4a51aa967e08337dd59daade16aec0f"}, {"url": "https://git.kernel.org/stable/c/1883332bf21feb8871af09daf604fc4836a76925"}, {"url": "https://git.kernel.org/stable/c/f611791a927141d05d7030607dea6372311c1413"}, {"url": "https://git.kernel.org/stable/c/1072020685f4b81f6efad3b412cdae0bd62bb043"}], "title": "irqchip/sifive-plic: Fix frozen interrupt due to affinity setting", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/sifive-plic: Fix frozen interrupt due to affinity setting\n\nPLIC ignores interrupt completion message for disabled interrupt, explained\nby the specification:\n\n The PLIC signals it has completed executing an interrupt handler by\n writing the interrupt ID it received from the claim to the\n claim/complete register. The PLIC does not check whether the completion\n ID is the same as the last claim ID for that target. If the completion\n ID does not match an interrupt source that is currently enabled for\n the target, the completion is silently ignored.\n\nThis caused problems in the past, because an interrupt can be disabled\nwhile still being handled and plic_irq_eoi() had no effect. That was fixed\nby checking if the interrupt is disabled, and if so enable it, before\nsending the completion message. That check is done with irqd_irq_disabled().\n\nHowever, that is not sufficient because the enable bit for the handling\nhart can be zero despite irqd_irq_disabled(d) being false. This can happen\nwhen affinity setting is changed while a hart is still handling the\ninterrupt.\n\nThis problem is easily reproducible by dumping a large file to uart (which\ngenerates lots of interrupts) and at the same time keep changing the uart\ninterrupt's affinity setting. The uart port becomes frozen almost\ninstantaneously.\n\nFix this by checking PLIC's enable bit instead of irqd_irq_disabled()."}], "id": "CVE-2026-23287", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:23.583", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1072020685f4b81f6efad3b412cdae0bd62bb043"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1883332bf21feb8871af09daf604fc4836a76925"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2edbd173309165d103be6c73bd83e459dc45ae7b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/686eb378a4a51aa967e08337dd59daade16aec0f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8942fb1a5bc2dcbd88f7e656d109d42f778f298f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f611791a927141d05d7030607dea6372311c1413"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T11:26:21.942417+00:00", "value": {"mitigation_remediation": ["Apply a Linux kernel update that includes commit 1072020685f4b81f6efad3b412cdae0bd62bb043, or manually apply the patch to the current kernel source and rebuild.", "If a kernel upgrade cannot be performed immediately, restrict or disable dynamic changes to PLIC interrupt affinities until a patched kernel is available.", "After applying the update, verify the kernel version or inspect the commit history to confirm that the PLIC code has been fixed."], "summary": {"action": "Apply patch", "impact": "Interrupt freeze leading to denial of service"}, "threat_synthesis": {"affected_systems": "All Linux kernel builds that include the siFive PLIC driver and that have not yet incorporated the commit 1072020685f4b81f6efad3b412cdae0bd62bb043 are vulnerable. Distributions shipping such kernels with PLIC-based interrupt controllers are affected until a kernel containing the patch is released.", "description_and_impact": "The flaw lives in the Linux kernel\u2019s irqchip/sifive-plic driver. When an interrupt source is disabled or its affinity is shifted while still being serviced, the PLIC controller fails to recognise that the completion message is for a disabled interrupt. The bug allows the interrupt to stay pending, which in practice can cause peripherals such as UART ports to freeze and stop data transfer, resulting in a loss of service availability.", "risk_and_exploitability": "The issue produces a local denial of service only. Exploitation requires the ability to change interrupt affinity on a running system, which is normally a privileged capability. The EPSS score is unavailable and the vulnerability is not listed in the CISA KEV catalogue, implying a lower likelihood of widespread exploitation. Nonetheless, the provided patch eliminates the defect, and administrators should avoid altering interrupt affinity on busy peripherals until the kernel is updated."}}}}, "created": "2026-03-25T21:15:43.223049+00:00", "updated": "2026-03-25T21:15:43.223110+00:00", "vendors": [], "weaknesses": ["CWE-682", "CWE-689"]}