The Linux kernel community has patched a critical vulnerability in the SiFive PLIC interrupt controller driver that could cause system-wide freezes on RISC-V systems. CVE-2026-23287 addresses a race condition in the irqchip/sifive-plic driver that could leave interrupts permanently disabled when changing IRQ affinity settings.

This vulnerability specifically affects the Platform-Level Interrupt Controller (PLIC) implementation used across SiFive's RISC-V processor lineup. The PLIC handles interrupt routing between hardware devices and processor cores, making it a fundamental component of system reliability. When the driver attempted to modify which CPU core should handle specific interrupts, a timing window could cause the interrupt to become stuck in a disabled state.

Technical Breakdown of the Vulnerability

The core issue resides in how the SiFive PLIC driver manages interrupt affinity changes. When system administrators or automated tools redirect interrupts from one CPU core to another—a common practice for load balancing or isolating critical interrupts—the driver must properly synchronize the disable-enable sequence. The vulnerability created a window where an interrupt could be disabled but never re-enabled on the target core.

Interrupt controllers like the SiFive PLIC work by maintaining enable bits for each interrupt source on each processor. When changing affinity, the driver must disable the interrupt on the old core, configure routing to the new core, then enable it on the destination. The race condition occurred when these operations weren't properly atomic, potentially leaving the interrupt disabled on both cores.

Impact on RISC-V Systems

Systems using SiFive RISC-V processors with the affected Linux kernel versions would experience gradually degrading reliability. The first symptom might be a single device becoming unresponsive—a network interface dropping packets, storage devices timing out, or USB peripherals disconnecting. As more interrupts become stuck, the system could experience cascading failures leading to complete lockup.

What makes this vulnerability particularly insidious is its timing-dependent nature. The race condition might not trigger during routine testing but could surface under specific load conditions or during certain system maintenance operations. This explains why the vulnerability persisted through multiple kernel releases before discovery.

The Fix Implementation

The patch modifies the irqchip/sifive-plic.c driver to ensure proper locking during affinity changes. Developers added synchronization primitives that guarantee atomicity when updating interrupt enable states across CPU cores. The fix ensures that:

  1. Interrupt disabling on the source core completes before any configuration changes
  2. Routing updates to the destination core happen as a single atomic operation
  3. Interrupt enabling on the target core cannot be interrupted by other affinity changes

Kernel maintainers have backported the fix to multiple stable kernel branches, recognizing the severity of the reliability impact. Systems running Linux kernel versions 5.15 through 6.8 are affected and should receive updates through their distribution's security channels.

Broader Implications for RISC-V Ecosystem

This vulnerability highlights the maturing but still evolving state of RISC-V support in the Linux kernel. As RISC-V adoption grows in embedded systems, servers, and specialized computing, such fundamental interrupt controller issues take on greater significance. The SiFive PLIC driver serves as the primary interrupt controller for numerous RISC-V implementations beyond just SiFive's own processors.

Kernel developers have used this incident to audit similar interrupt controller drivers for comparable race conditions. The irqchip subsystem maintainers have initiated a broader review of affinity-changing code paths across multiple architectures, recognizing that what affected SiFive PLIC could potentially impact other interrupt controllers.

Detection and Mitigation

System administrators can check if their RISC-V systems are vulnerable by examining kernel version and configuration. The vulnerability only affects systems with:

  • RISC-V architecture with SiFive PLIC interrupt controller
  • Linux kernel versions between 5.15 and 6.8 (inclusive)
  • CONFIG_SIFIVE_PLIC enabled in kernel configuration

Immediate mitigation involves updating to a patched kernel version. For systems that cannot immediately update, administrators should avoid changing IRQ affinity settings through tools like irqbalance or manual /proc/irq modifications until patches are applied.

Long-Term Reliability Considerations

This fix represents more than just a security patch—it addresses fundamental system reliability. Interrupt handling sits at the core of operating system responsiveness and device communication. A single stuck interrupt can cascade into system-wide failures, particularly in real-time or high-availability environments.

The Linux kernel community's response demonstrates the robustness of open-source security processes. The vulnerability was discovered through code review and testing rather than exploitation in the wild, then quickly patched and distributed through established channels. This incident will likely lead to improved testing protocols for interrupt controller drivers, particularly around affinity-changing operations that might not be exercised during typical development testing.

As RISC-V continues its trajectory from academic project to production-ready architecture, such foundational fixes strengthen the platform's reliability credentials. Each resolved vulnerability in core subsystems like interrupt handling builds confidence for enterprise adoption and safety-critical applications.

System administrators running RISC-V infrastructure should prioritize applying this patch, even if they haven't observed symptoms. The timing-dependent nature of the race condition means it could trigger at any moment, particularly during system maintenance or under unusual load patterns. Regular kernel updates remain the best defense against such subtle but critical reliability issues.