{ "threat_severity" : "Low", "public_date" : "2026-03-25T00:00:00Z", "bugzilla" : { "description" : "kernel: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting", "id" : "2451277", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2451277" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "draft" }, "cwe" : "CWE-367", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nirqchip/sifive-plic: Fix frozen interrupt due to affinity setting\nPLIC ignores interrupt completion message for disabled interrupt, explained\nby the specification:\nThe PLIC signals it has completed executing an interrupt handler by\nwriting the interrupt ID it received from the claim to the\nclaim/complete register. The PLIC does not check whether the completion\nID is the same as the last claim ID for that target. If the completion\nID does not match an interrupt source that is currently enabled for\nthe target, the completion is silently ignored.\nThis caused problems in the past, because an interrupt can be disabled\nwhile still being handled and plic_irq_eoi() had no effect. That was fixed\nby checking if the interrupt is disabled, and if so enable it, before\nsending the completion message. That check is done with irqd_irq_disabled().\nHowever, that is not sufficient because the enable bit for the handling\nhart can be zero despite irqd_irq_disabled(d) being false. This can happen\nwhen affinity setting is changed while a hart is still handling the\ninterrupt.\nThis problem is easily reproducible by dumping a large file to uart (which\ngenerates lots of interrupts) and at the same time keep changing the uart\ninterrupt's affinity setting. The uart port becomes frozen almost\ninstantaneously.\nFix this by checking PLIC's enable bit instead of irqd_irq_disabled().", "A flaw was found in the Linux kernel's irqchip/sifive-plic component. When an interrupt's affinity setting is changed while a hardware thread (hart) is still processing the interrupt, the Programmable Interrupt Controller (PLIC) may ignore the interrupt completion message. This can lead to the interrupt becoming frozen, causing a Denial of Service (DoS) where affected hardware, such as a Universal Asynchronous Receiver-Transmitter (UART) port, becomes unresponsive." ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-23287\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23287\nhttps://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23287-93b2@gregkh/T" ], "name" : "CVE-2026-23287", "csaw" : false }