CVE-2026-23287

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> irqchip/sifive-plic: Fix frozen interrupt due to affinity setting<br /> <br /> PLIC ignores interrupt completion message for disabled interrupt, explained<br /> by the specification:<br /> <br /> The PLIC signals it has completed executing an interrupt handler by<br /> writing the interrupt ID it received from the claim to the<br /> claim/complete register. The PLIC does not check whether the completion<br /> ID is the same as the last claim ID for that target. If the completion<br /> ID does not match an interrupt source that is currently enabled for<br /> the target, the completion is silently ignored.<br /> <br /> This caused problems in the past, because an interrupt can be disabled<br /> while still being handled and plic_irq_eoi() had no effect. That was fixed<br /> by checking if the interrupt is disabled, and if so enable it, before<br /> sending the completion message. That check is done with irqd_irq_disabled().<br /> <br /> However, that is not sufficient because the enable bit for the handling<br /> hart can be zero despite irqd_irq_disabled(d) being false. This can happen<br /> when affinity setting is changed while a hart is still handling the<br /> interrupt.<br /> <br /> This problem is easily reproducible by dumping a large file to uart (which<br /> generates lots of interrupts) and at the same time keep changing the uart<br /> interrupt&amp;#39;s affinity setting. The uart port becomes frozen almost<br /> instantaneously.<br /> <br /> Fix this by checking PLIC&amp;#39;s enable bit instead of irqd_irq_disabled().