SB20260325172 - Resource exhaustion in Linux kernel irqchip driver
Published: March 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2026-23287)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper handling of interrupt completion in the irqchip/sifive-plic component when changing interrupt affinity settings. A local user can trigger a scenario where interrupt completion is silently ignored, leading to a frozen interrupt state and resulting in a denial of service.
The issue arises specifically when interrupt affinity is modified concurrently with interrupt handling, causing the UART port or other interrupt-driven devices to become unresponsive.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1072020685f4b81f6efad3b412cdae0bd62bb043
- https://git.kernel.org/stable/c/1883332bf21feb8871af09daf604fc4836a76925
- https://git.kernel.org/stable/c/2edbd173309165d103be6c73bd83e459dc45ae7b
- https://git.kernel.org/stable/c/686eb378a4a51aa967e08337dd59daade16aec0f
- https://git.kernel.org/stable/c/8942fb1a5bc2dcbd88f7e656d109d42f778f298f
- https://git.kernel.org/stable/c/f611791a927141d05d7030607dea6372311c1413