CVE-2026-23287 | Linux Kernel up to 7.0-rc1 sifive-plic plic_irq_eoi denial of service

VDB-353000 · CVE-2026-23287 · GCVE-0-2026-23287 LINUX KERNEL UP TO 7.0-RC1 SIFIVE-PLIC PLIC_IRQ_EOI DENIAL OF SERVICE HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 5.5 $0-$5k 2.64+ Summaryinfo A vulnerability was found in Linux Kernel up to 7.0-rc1 and classified as critical. Affected is the function plic_irq_eoi of the component sifive-plic. Such manipulation leads to denial of service. This vulnerability is referenced as CVE-2026-23287. No exploit is available. It is suggested to upgrade the affected component. Detailsinfo A vulnerability, which was classified as critical, has been found in Linux Kernel up to 7.0-rc1. Affected by this issue is the function plic_irq_eoi of the component sifive-plic. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE to declare the problem leads to CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. Impacted is availability. CVE summarizes: In the Linux kernel, the following vulnerability has been resolved: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting PLIC ignores interrupt completion message for disabled interrupt, explained by the specification: The PLIC signals it has completed executing an interrupt handler by writing the interrupt ID it received from the claim to the claim/complete register. The PLIC does not check whether the completion ID is the same as the last claim ID for that target. If the completion ID does not match an interrupt source that is currently enabled for the target, the completion is silently ignored. This caused problems in the past, because an interrupt can be disabled while still being handled and plic_irq_eoi() had no effect. That was fixed by checking if the interrupt is disabled, and if so enable it, before sending the completion message. That check is done with irqd_irq_disabled(). However, that is not sufficient because the enable bit for the handling hart can be zero despite irqd_irq_disabled(d) being false. This can happen when affinity setting is changed while a hart is still handling the interrupt. This problem is easily reproducible by dumping a large file to uart (which generates lots of interrupts) and at the same time keep changing the uart interrupt's affinity setting. The uart port becomes frozen almost instantaneously. Fix this by checking PLIC's enable bit instead of irqd_irq_disabled(). The advisory is shared for download at git.kernel.org. This vulnerability is handled as CVE-2026-23287 since 01/13/2026. There are known technical details, but no exploit is available. Upgrading to version 6.1.167, 6.6.130, 6.12.77, 6.18.17, 6.19.7 or 7.0-rc2 eliminates this vulnerability. Applying the patch 8942fb1a5bc2dcbd88f7e656d109d42f778f298f/2edbd173309165d103be6c73bd83e459dc45ae7b/686eb378a4a51aa967e08337dd59daade16aec0f/1883332bf21feb8871af09daf604fc4836a76925/f611791a927141d05d7030607dea6372311c1413/1072020685f4b81f6efad3b412cdae0bd62bb043 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. Productinfo Type Operating System Vendor Linux Name Kernel Version 6.1.166 6.6.129 6.12.0 6.12.1 6.12.2 6.12.3 6.12.4 6.12.5 6.12.6 6.12.7 6.12.8 6.12.9 6.12.10 6.12.11 6.12.12 6.12.13 6.12.14 6.12.15 6.12.16 6.12.17 6.12.18 6.12.19 6.12.20 6.12.21 6.12.22 6.12.23 6.12.24 6.12.25 6.12.26 6.12.27 6.12.28 6.12.29 6.12.30 6.12.31 6.12.32 6.12.33 6.12.34 6.12.35 6.12.36 6.12.37 6.12.38 6.12.39 6.12.40 6.12.41 6.12.42 6.12.43 6.12.44 6.12.45 6.12.46 6.12.47 6.12.48 6.12.49 6.12.50 6.12.51 6.12.52 6.12.53 6.12.54 6.12.55 6.12.56 6.12.57 6.12.58 6.12.59 6.12.60 6.12.61 6.12.62 6.12.63 6.12.64 6.12.65 6.12.66 6.12.67 6.12.68 6.12.69 6.12.70 6.12.71 6.12.72 6.12.73 6.12.74 6.12.75 6.12.76 6.18.0 6.18.1 6.18.2 6.18.3 6.18.4 6.18.5 6.18.6 6.18.7 6.18.8 6.18.9 6.18.10 6.18.11 6.18.12 6.18.13 6.18.14 6.18.15 6.18.16 6.19.0 6.19.1 6.19.2 6.19.3 6.19.4 6.19.5 6.19.6 7.0-rc1 License open-source Website Vendor: https://www.kernel.org/ CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 5.7 VulDB Meta Temp Score: 5.5 VulDB Base Score: 5.7 VulDB Temp Score: 5.5 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Denial of service CWE: CWE-404 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Partially Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: Kernel 6.1.167/6.6.130/6.12.77/6.18.17/6.19.7/7.0-rc2 Patch: 8942fb1a5bc2dcbd88f7e656d109d42f778f298f/2edbd173309165d103be6c73bd83e459dc45ae7b/686eb378a4a51aa967e08337dd59daade16aec0f/1883332bf21feb8871af09daf604fc4836a76925/f611791a927141d05d7030607dea6372311c1413/1072020685f4b81f6efad3b412cdae0bd62bb043 Timelineinfo 01/13/2026 CVE reserved 03/25/2026 +71 days Advisory disclosed 03/25/2026 +0 days VulDB entry created 03/25/2026 +0 days VulDB entry last update Sourcesinfo Vendor: kernel.org Advisory: git.kernel.org Status: Confirmed CVE: CVE-2026-23287 (🔒) GCVE (CVE): GCVE-0-2026-23287 GCVE (VulDB): GCVE-100-353000 Entryinfo Created: 03/25/2026 12:06 Changes: 03/25/2026 12:06 (59) Complete: 🔍 Cache ID: 99:DCA:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸