CVE-2026-23287

In the Linux kernel, the following vulnerability has been resolved:

irqchip/sifive-plic: Fix frozen interrupt due to affinity setting

PLIC ignores interrupt completion message for disabled interrupt, explained by the specification:

The PLIC signals it has completed executing an interrupt handler by
writing the interrupt ID it received from the claim to the
claim/complete register. The PLIC does not check whether the completion
ID is the same as the last claim ID for that target. If the completion
ID does not match an interrupt source that is currently enabled for
the target, the completion is silently ignored.

This caused problems in the past, because an interrupt can be disabled while still being handled and plicirqeoi() had no effect. That was fixed by checking if the interrupt is disabled, and if so enable it, before sending the completion message. That check is done with irqdirqdisabled().

However, that is not sufficient because the enable bit for the handling hart can be zero despite irqdirqdisabled(d) being false. This can happen when affinity setting is changed while a hart is still handling the interrupt.

This problem is easily reproducible by dumping a large file to uart (which generates lots of interrupts) and at the same time keep changing the uart interrupt's affinity setting. The uart port becomes frozen almost instantaneously.

Fix this by checking PLIC's enable bit instead of irqdirqdisabled().