CVE-2026-23217Improper Locking in Linux

CWE-667Improper Locking8 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 96.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedFeb 18

Description

In the Linux kernel, the following vulnerability has been resolved: riscv: trace: fix snapshot deadlock with sbi ecall If sbi_ecall.c's functions are traceable, echo "__sbi_ecall:snapshot" > /sys/kernel/tracing/set_ftrace_filter may get the kernel into a deadlock. (Functions in sbi_ecall.c are excluded from tracing if CONFIG_RISCV_ALTERNATIVE_EARLY is set.) __sbi_ecall triggers a snapshot of the ringbuffer. The snapshot code raises an IPI interrupt, which results in another call to __sbi_e

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel6.10.106.11+3
Debianlinux/linux_kernel< 6.18.10-1
CVEListV5linux/linux1ff95eb2bebda50c4c5406caaf201e0fcb24cc8fb1f8285bc8e3508c1fde23b5205f1270215d4984+3

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
OSV
CVE-2026-23217: In the Linux kernel, the following vulnerability has been resolved: riscv: trace: fix snapshot deadlock with sbi ecall If sbi_ecall2026-02-18
GHSA
GHSA-787p-86v4-hhfg: In the Linux kernel, the following vulnerability has been resolved: riscv: trace: fix snapshot deadlock with sbi ecall If sbi_ecall2026-02-18
CVEList
riscv: trace: fix snapshot deadlock with sbi ecall2026-02-18

📋Vendor Advisories

3
Red Hat
kernel: riscv: trace: fix snapshot deadlock with sbi ecall2026-02-18
Microsoft
riscv: trace: fix snapshot deadlock with sbi ecall2026-02-10
Debian
CVE-2026-23217: linux - In the Linux kernel, the following vulnerability has been resolved: riscv: trac...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23217 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23217 — Improper Locking in Linux | cvebase