Skip to main content

Linux EUVDEUVD-2026-15215

| CVE-2026-23287 MEDIUM
2026-03-25 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 29, 2026 - 16:37 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15215
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:26 nvd
N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

irqchip/sifive-plic: Fix frozen interrupt due to affinity setting

PLIC ignores interrupt completion message for disabled interrupt, explained by the specification:

The PLIC signals it has completed executing an interrupt handler by writing the interrupt ID it received from the claim to the claim/complete register. The PLIC does not check whether the completion ID is the same as the last claim ID for that target. If the completion ID does not match an interrupt source that is currently enabled for the target, the completion is silently ignored.

This caused problems in the past, because an interrupt can be disabled while still being handled and plic_irq_eoi() had no effect. That was fixed by checking if the interrupt is disabled, and if so enable it, before sending the completion message. That check is done with irqd_irq_disabled().

However, that is not sufficient because the enable bit for the handling hart can be zero despite irqd_irq_disabled(d) being false. This can happen when affinity setting is changed while a hart is still handling the interrupt.

This problem is easily reproducible by dumping a large file to uart (which generates lots of interrupts) and at the same time keep changing the uart interrupt's affinity setting. The uart port becomes frozen almost instantaneously.

Fix this by checking PLIC's enable bit instead of irqd_irq_disabled().

AnalysisAI

A race condition in the SiFive PLIC (Platform Level Interrupt Controller) interrupt handling code can cause interrupts to become frozen when interrupt affinity is modified while an interrupt is being processed. The vulnerability affects Linux kernel implementations using the SiFive PLIC irqchip driver, potentially causing system hangs or device unresponsiveness on RISC-V systems. While not actively exploited in the wild, the issue is easily reproducible through concurrent affinity changes and high interrupt load, making it a practical denial-of-service concern for affected systems.

Technical ContextAI

The SiFive PLIC is a standard interrupt controller for RISC-V systems that manages interrupt routing and completion signaling across multiple CPU harts (hardware threads). The vulnerability resides in the plic_irq_eoi() (end-of-interrupt) function within irqchip/sifive-plic driver code. When an interrupt's affinity (target CPU assignment) is changed while a hart is still handling the interrupt, the PLIC's per-hart enable bit for that interrupt can become zero despite the kernel's irqd_irq_disabled() check returning false. According to the PLIC specification, the controller silently ignores completion messages for disabled interrupts, preventing the interrupt from being properly cleared and causing it to freeze. The root cause is a synchronization gap between the kernel's interrupt state tracking (via irqd_irq_disabled()) and the actual hardware enable bits in the PLIC. Affected products are identified via CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* across multiple kernel versions.

RemediationAI

Upgrade the Linux kernel to a version containing the SiFive PLIC interrupt handling fix. The patches are available via the kernel.org stable tree commits provided in the references (git.kernel.org/stable/c/ links). For affected systems, apply commits 8942fb1a5bc2dcbd88f7e656d109d42f778f298f or equivalent stable backports. The fix modifies plic_irq_eoi() to check the PLIC hardware enable bit directly rather than relying on irqd_irq_disabled(), ensuring proper interrupt completion signaling even when affinity changes occur mid-handler. Until patching is possible, mitigate risk by restricting interrupt affinity changes during high-interrupt-load periods and avoiding concurrent affinity modifications on high-traffic interrupt sources (e.g., UART, network devices). Monitor system logs for frozen interrupts or unresponsive devices as early warning signs.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15215 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy