CVE-2026-23287
In the Linux kernel, the following vulnerability has been resolved: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting PLIC ignores interrupt completion message for disabled interrupt, explained by the specification: The PLIC signals it has completed executing an interrupt handler by writing the interrupt ID it received from the claim to the claim/complete register. The PLIC does not check whether the completion ID is the same as the last claim ID for that target. If the completion ID does not match an interrupt source that is currently enabled for the target, the completion is silently ignored. This caused problems in the past, because an interrupt can be disabled while still being handled and plic_irq_eoi() had no effect. That was fixed by checking if the interrupt is disabled, and if so enable it, before sending the completion message. That check is done with irqd_irq_disabled(). However, that is not sufficient because the enable bit for the handling hart can be zero despite irqd_irq_disabled(d) being false. This can happen when affinity setting is changed while a hart is still handling the interrupt. This problem is easily reproducible by dumping a large file to uart (which generates lots of interrupts) and at the same time keep changing the uart interrupt's affinity setting. The uart port becomes frozen almost instantaneously. Fix this by checking PLIC's enable bit instead of irqd_irq_disabled().
EPSS 0.02% · 4.7th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | *, cc9f04f9a84f745949e325661550ed14bd0ff322, 5.1 |
| linux | linux_kernel | 5.1, 5.1, 5.1 |
Exploit Intelligence
- https://git.kernel.org/stable/c/8942fb1a5bc2dcbd88f7e656d109d42f778f298f (circl)
- https://git.kernel.org/stable/c/2edbd173309165d103be6c73bd83e459dc45ae7b (circl)
- https://git.kernel.org/stable/c/686eb378a4a51aa967e08337dd59daade16aec0f (circl)
- https://git.kernel.org/stable/c/1883332bf21feb8871af09daf604fc4836a76925 (circl)
- https://git.kernel.org/stable/c/f611791a927141d05d7030607dea6372311c1413 (circl)
- https://git.kernel.org/stable/c/1072020685f4b81f6efad3b412cdae0bd62bb043 (circl)
- 4593.2.0.yml (github-poc)
- 4593.2.0.yml (github-poc)
- 4593.2.0.yml (github-poc)
- 4593.2.0.yml (github-poc)
…and 12 more exploits
Timeline
- Mar 25, 2026 EPSS Score
- Mar 25, 2026 Coalition ESS Score
- Mar 25, 2026 CVE Published
- Mar 25, 2026 CVE Updated
- Mar 29, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
References
- https://git.kernel.org/stable/c/8942fb1a5bc2dcbd88f7e656d109d42f778f298f url
- https://git.kernel.org/stable/c/2edbd173309165d103be6c73bd83e459dc45ae7b url
- https://git.kernel.org/stable/c/686eb378a4a51aa967e08337dd59daade16aec0f url
- https://git.kernel.org/stable/c/1883332bf21feb8871af09daf604fc4836a76925 url
- https://git.kernel.org/stable/c/f611791a927141d05d7030607dea6372311c1413 url
- https://git.kernel.org/stable/c/1072020685f4b81f6efad3b412cdae0bd62bb043 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-23287 advisory
- https://lists.debian.org/debian-lts-announce/2026/05/msg00004.html advisory
- https://lists.debian.org/debian-lts-announce/2026/05/msg00005.html advisory
- https://lists.debian.org/debian-security-announce/2026/msg00154.html advisory
- https://lists.debian.org/debian-security-announce/2026/msg00148.html advisory