
CVE-2026-23287

Published: March 25, 2026 · Updated: Mar 25, 2026

EPSS: 0.02% probability of exploitation in 30 days · Percentile: 6.5th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

irqchip/sifive-plic: Fix frozen interrupt due to affinity setting

PLIC ignores interrupt completion message for disabled interrupt, explained by the specification:

  The PLIC signals it has completed executing an interrupt handler by writing the interrupt ID it received from the claim to the claim/complete register. The PLIC does not check whether the completion ID is the same as the last claim ID for that target. If the completion ID does not match an interrupt source that is currently enabled for the target, the completion is silently ignored.

This caused problems in the past, because an interrupt can be disabled while still being handled and plic_irq_eoi() had no effect. That was fixed by checking if the interrupt is disabled, and if so enable it, before sending the completion message. That check is done with irqd_irq_disabled().

However, that is not sufficient because the enable bit for the handling hart can be zero despite irqd_irq_disabled(d) being false. This can happen when affinity setting is changed while a hart is still handling the interrupt.

This problem is easily reproducible by dumping a large file to uart (which generates lots of interrupts) and at the same time keep changing the uart interrupt's affinity setting. The uart port becomes frozen almost instantaneously.

Fix this by checking PLIC's enable bit instead of irqd_irq_disabled().

NVD Source
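
The race in the description can be reproduced in a small userspace model, added here as an illustration; it is not the kernel's code or the upstream patch. The struct, the function names, the two-hart setup and the restoring of the enable bit after completion are assumptions of the model.

```c
/* Added model, not kernel code: one PLIC source, two harts (all names hypothetical). */
#include <stdbool.h>
#include <stdio.h>

#define NHARTS 2

struct plic {
    bool enable[NHARTS]; /* per-hart enable bit for the source */
    bool in_flight;      /* claimed; no new delivery until completed */
};

static bool plic_claim(struct plic *p, int hart) {
    if (p->in_flight || !p->enable[hart]) return false;
    p->in_flight = true;
    return true;
}

static void plic_complete(struct plic *p, int hart) {
    if (!p->enable[hart]) return; /* silently ignored, as the spec says */
    p->in_flight = false;
}

static void set_affinity(struct plic *p, int target) {
    for (int h = 0; h < NHARTS; h++) p->enable[h] = (h == target);
}

/* EOI; restoring the bit after completion is an assumption of the model. */
static void eoi(struct plic *p, int hart, bool force_enable) {
    if (force_enable) p->enable[hart] = true;
    plic_complete(p, hart);
    if (force_enable) p->enable[hart] = false;
}

/* Returns true if the source is frozen after an affinity change mid-handler. */
static bool frozen_after_race(bool use_fix) {
    struct plic p = { .enable = { true, false }, .in_flight = false };
    bool sw_disabled = false;        /* the irqd_irq_disabled() view */
    plic_claim(&p, 0);               /* hart 0 starts handling */
    set_affinity(&p, 1);             /* affinity moves to hart 1 */
    /* old check: software state; fixed check: the hardware enable bit */
    eoi(&p, 0, use_fix ? !p.enable[0] : sw_disabled);
    return !plic_claim(&p, 1);       /* can hart 1 claim the next one? */
}

int main(void) {
    printf("old check frozen: %d\n", frozen_after_race(false));
    printf("fixed check frozen: %d\n", frozen_after_race(true));
    return 0;
}
```

With the old check the completion from hart 0 is dropped and the source stays claimed, which is the frozen UART described above; with the enable-bit check the completion is accepted and hart 1 can claim the next interrupt.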

Technical Analysis

CVE-2026-23287 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

No known exploit: no public exploit confirmed at this time.

Quick Facts

CVE ID: CVE-2026-23287
Severity: NONE
CISA KEV: No
EPSS (30d): 0.02%
Published: Mar 25, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23287 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.