CVE-2026-23287Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition8 documents7 sources
Severity
7.8HIGH
No vector
EPSS
0.0%
top 90.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting PLIC ignores interrupt completion message for disabled interrupt, explained by the specification: The PLIC signals it has completed executing an interrupt handler by writing the interrupt ID it received from the claim to the claim/complete register. The PLIC does not check whether the completion ID is the same as the last claim ID for that target. If the comple

Affected Packages5 packages

Linuxlinux/linux_kernel5.1.06.1.167+4
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linuxcc9f04f9a84f745949e325661550ed14bd0ff3228942fb1a5bc2dcbd88f7e656d109d42f778f298f+6
debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

3
OSV
irqchip/sifive-plic: Fix frozen interrupt due to affinity setting2026-03-25
OSV
CVE-2026-23287: In the Linux kernel, the following vulnerability has been resolved: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting PLIC ignores int2026-03-25
GHSA
GHSA-73mm-44q3-cmm6: In the Linux kernel, the following vulnerability has been resolved: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting PLIC ignores i2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting2026-03-25
Microsoft
irqchip/sifive-plic: Fix frozen interrupt due to affinity setting2026-03-10
Debian
CVE-2026-23287: linux - In the Linux kernel, the following vulnerability has been resolved: irqchip/sif...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23287 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23287 — Linux vulnerability | cvebase