CVE-2026-23287

{"id": "CVE-2026-23287", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2026-03-25T11:16:23.583", "references": [{"url": "https://git.kernel.org/stable/c/1072020685f4b81f6efad3b412cdae0bd62bb043", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/1883332bf21feb8871af09daf604fc4836a76925", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2edbd173309165d103be6c73bd83e459dc45ae7b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/686eb378a4a51aa967e08337dd59daade16aec0f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8942fb1a5bc2dcbd88f7e656d109d42f778f298f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f611791a927141d05d7030607dea6372311c1413", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/sifive-plic: Fix frozen interrupt due to affinity setting\n\nPLIC ignores interrupt completion message for disabled interrupt, explained\nby the specification:\n\n The PLIC signals it has completed executing an interrupt handler by\n writing the interrupt ID it received from the claim to the\n claim/complete register. The PLIC does not check whether the completion\n ID is the same as the last claim ID for that target. If the completion\n ID does not match an interrupt source that is currently enabled for\n the target, the completion is silently ignored.\n\nThis caused problems in the past, because an interrupt can be disabled\nwhile still being handled and plic_irq_eoi() had no effect. That was fixed\nby checking if the interrupt is disabled, and if so enable it, before\nsending the completion message. That check is done with irqd_irq_disabled().\n\nHowever, that is not sufficient because the enable bit for the handling\nhart can be zero despite irqd_irq_disabled(d) being false. This can happen\nwhen affinity setting is changed while a hart is still handling the\ninterrupt.\n\nThis problem is easily reproducible by dumping a large file to uart (which\ngenerates lots of interrupts) and at the same time keep changing the uart\ninterrupt's affinity setting. The uart port becomes frozen almost\ninstantaneously.\n\nFix this by checking PLIC's enable bit instead of irqd_irq_disabled()."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nirqchip/sifive-plic: Soluci\u00f3n para la interrupci\u00f3n congelada debido a la configuraci\u00f3n de afinidad\n\nPLIC ignora el mensaje de finalizaci\u00f3n de interrupci\u00f3n para interrupciones deshabilitadas, explicado por la especificaci\u00f3n:\n\n El PLIC se\u00f1ala que ha completado la ejecuci\u00f3n de un gestor de interrupciones escribiendo el ID de interrupci\u00f3n que recibi\u00f3 de la solicitud en el registro de solicitud/finalizaci\u00f3n. El PLIC no verifica si el ID de finalizaci\u00f3n es el mismo que el \u00faltimo ID de solicitud para ese objetivo. Si el ID de finalizaci\u00f3n no coincide con una fuente de interrupci\u00f3n que est\u00e1 actualmente habilitada para el objetivo, la finalizaci\u00f3n es ignorada silenciosamente.\n\nEsto caus\u00f3 problemas en el pasado, porque una interrupci\u00f3n puede ser deshabilitada mientras a\u00fan est\u00e1 siendo gestionada y plic_irq_eoi() no ten\u00eda efecto. Eso se solucion\u00f3 verificando si la interrupci\u00f3n est\u00e1 deshabilitada, y si es as\u00ed, habilitarla, antes de enviar el mensaje de finalizaci\u00f3n. Esa verificaci\u00f3n se realiza con irqd_irq_disabled().\n\nSin embargo, eso no es suficiente porque el bit de habilitaci\u00f3n para el hart de gesti\u00f3n puede ser cero a pesar de que irqd_irq_disabled(d) sea falso. Esto puede ocurrir cuando la configuraci\u00f3n de afinidad se cambia mientras un hart todav\u00eda est\u00e1 gestionando la interrupci\u00f3n.\n\nEste problema es f\u00e1cilmente reproducible volcando un archivo grande a la uart (lo que genera muchas interrupciones) y al mismo tiempo seguir cambiando la configuraci\u00f3n de afinidad de la interrupci\u00f3n de la uart. El puerto de la uart se congela casi instant\u00e1neamente.\n\nSolucione esto verificando el bit de habilitaci\u00f3n del PLIC en lugar de irqd_irq_disabled()."}], "lastModified": "2026-05-29T16:32:22.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8989396-B32B-4636-9FF2-C63528E4206B", "versionEndExcluding": "6.1.167", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C57BB918-DF28-46B3-94F7-144176841267", "versionEndExcluding": "6.6.130", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3D12E00-E42D-4056-B354-BAD4903C03A5", "versionEndExcluding": "6.12.77", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5E006E4-59C7-43C1-9231-62A72219F2BA", "versionEndExcluding": "6.18.17", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}