Description
In the Linux kernel, the following vulnerability has been resolved:

irqchip/sifive-plic: Fix frozen interrupt due to affinity setting

PLIC ignores interrupt completion message for disabled interrupt, explained
by the specification:

The PLIC signals it has completed executing an interrupt handler by
writing the interrupt ID it received from the claim to the
claim/complete register. The PLIC does not check whether the completion
ID is the same as the last claim ID for that target. If the completion
ID does not match an interrupt source that is currently enabled for
the target, the completion is silently ignored.

This caused problems in the past, because an interrupt can be disabled
while still being handled and plic_irq_eoi() had no effect. That was fixed
by checking if the interrupt is disabled, and if so enable it, before
sending the completion message. That check is done with irqd_irq_disabled().

However, that is not sufficient because the enable bit for the handling
hart can be zero despite irqd_irq_disabled(d) being false. This can happen
when affinity setting is changed while a hart is still handling the
interrupt.

This problem is easily reproducible by dumping a large file to uart (which
generates lots of interrupts) and at the same time keep changing the uart
interrupt's affinity setting. The uart port becomes frozen almost
instantaneously.

Fix this by checking PLIC's enable bit instead of irqd_irq_disabled().
Published: 2026-03-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (interrupt freeze)
Action: Patch Immediately
AI Analysis

Impact

In Linux kernels that use the SiFive PLIC interrupt controller, changing an interrupt’s affinity while it is being serviced can cause the interrupt controller to ignore the completion signal, leaving the interrupt permanently disabled. This leads to a device, such as a UART port, becoming frozen, halting further data transmission and effectively disrupting I/O operations. The weakness is identified as CWE‑367, a concurrency/process control flaw that misses a proper check before acknowledging an interrupt completion.

Affected Systems

The vulnerability affects any Linux kernel that integrates the SiFive PLIC driver without the recent fix that verifies the PLIC’s enable bit before sending an interrupt completion. No specific kernel release is named in the advisory, so any build that predates the patch that validates the enable bit may be vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity focused on availability. The EPSS value of <1% suggests a low likelihood of exploitation in the wild, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that an attacker would need local or privileged access to modify interrupt affinity while traffic is occurring; without such access the freeze cannot be induced. Consequently the risk level is moderate, contingent on the attacker’s ability to change affinity and trigger the fault.

Generated by OpenCVE AI on March 26, 2026 at 15:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel update that contains the PLIC affinity validation fix
  • Reboot the system after updating to ensure the interrupt controller re‑initializes
  • Until the patch is applied, avoid changing UART interrupt affinity during heavy I/O to prevent freezing
  • Monitor your distribution’s security advisories to verify that the patch is present

Generated by OpenCVE AI on March 26, 2026 at 15:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4561-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6238-1 linux security update
Debian DSA Debian DSA DSA-6243-1 linux security update
History

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-682
CWE-689

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-682
CWE-689

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting PLIC ignores interrupt completion message for disabled interrupt, explained by the specification: The PLIC signals it has completed executing an interrupt handler by writing the interrupt ID it received from the claim to the claim/complete register. The PLIC does not check whether the completion ID is the same as the last claim ID for that target. If the completion ID does not match an interrupt source that is currently enabled for the target, the completion is silently ignored. This caused problems in the past, because an interrupt can be disabled while still being handled and plic_irq_eoi() had no effect. That was fixed by checking if the interrupt is disabled, and if so enable it, before sending the completion message. That check is done with irqd_irq_disabled(). However, that is not sufficient because the enable bit for the handling hart can be zero despite irqd_irq_disabled(d) being false. This can happen when affinity setting is changed while a hart is still handling the interrupt. This problem is easily reproducible by dumping a large file to uart (which generates lots of interrupts) and at the same time keep changing the uart interrupt's affinity setting. The uart port becomes frozen almost instantaneously. Fix this by checking PLIC's enable bit instead of irqd_irq_disabled().
Title irqchip/sifive-plic: Fix frozen interrupt due to affinity setting
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:03:39.630Z

Reserved: 2026-01-13T15:37:45.992Z

Link: CVE-2026-23287

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T11:16:23.583

Modified: 2026-03-25T15:41:33.977

Link: CVE-2026-23287

cve-icon Redhat

Severity : Low

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23287 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:50:18Z

Weaknesses