{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23217", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.987Z", "datePublished": "2026-02-18T14:21:54.878Z", "dateUpdated": "2026-05-11T22:02:35.200Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:02:35.200Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: trace: fix snapshot deadlock with sbi ecall\n\nIf sbi_ecall.c's functions are traceable,\n\necho \"__sbi_ecall:snapshot\" > /sys/kernel/tracing/set_ftrace_filter\n\nmay get the kernel into a deadlock.\n\n(Functions in sbi_ecall.c are excluded from tracing if\nCONFIG_RISCV_ALTERNATIVE_EARLY is set.)\n\n__sbi_ecall triggers a snapshot of the ringbuffer. The snapshot code\nraises an IPI interrupt, which results in another call to __sbi_ecall\nand another snapshot...\n\nAll it takes to get into this endless loop is one initial __sbi_ecall.\nOn RISC-V systems without SSTC extension, the clock events in\ntimer-riscv.c issue periodic sbi ecalls, making the problem easy to\ntrigger.\n\nAlways exclude the sbi_ecall.c functions from tracing to fix the\npotential deadlock.\n\nsbi ecalls can easiliy be logged via trace events, excluding ecall\nfunctions from function tracing is not a big limitation."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/kernel/Makefile"], "versions": [{"version": "1ff95eb2bebda50c4c5406caaf201e0fcb24cc8f", "lessThan": "b1f8285bc8e3508c1fde23b5205f1270215d4984", "status": "affected", "versionType": "git"}, {"version": "1ff95eb2bebda50c4c5406caaf201e0fcb24cc8f", "lessThan": "b0d7f5f0c9f05f1b6d4ee7110f15bef9c11f9df0", "status": "affected", "versionType": "git"}, {"version": "82f134ddd4f5da11c277bd1aa02e2a733179725a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/kernel/Makefile"], "versions": [{"version": "6.11", "status": "affected"}, {"version": "0", "lessThan": "6.11", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.10", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.18.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b1f8285bc8e3508c1fde23b5205f1270215d4984"}, {"url": "https://git.kernel.org/stable/c/b0d7f5f0c9f05f1b6d4ee7110f15bef9c11f9df0"}], "title": "riscv: trace: fix snapshot deadlock with sbi ecall", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20B10614-CE0D-494A-9FEA-F01A6985C9B7", "versionEndExcluding": "6.11", "versionStartIncluding": "6.10.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA8A5D78-6E70-4B4A-802B-44FFB0543B56", "versionEndExcluding": "6.18.10", "versionStartIncluding": "6.11.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:-:*:*:*:*:*:*", "matchCriteriaId": "4770BA57-3F3F-493B-8608-EC3B25254949", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc7:*:*:*:*:*:*", "matchCriteriaId": "DE5298B3-04B4-4F3E-B186-01A58B5C75A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: trace: fix snapshot deadlock with sbi ecall\n\nIf sbi_ecall.c's functions are traceable,\n\necho \"__sbi_ecall:snapshot\" > /sys/kernel/tracing/set_ftrace_filter\n\nmay get the kernel into a deadlock.\n\n(Functions in sbi_ecall.c are excluded from tracing if\nCONFIG_RISCV_ALTERNATIVE_EARLY is set.)\n\n__sbi_ecall triggers a snapshot of the ringbuffer. The snapshot code\nraises an IPI interrupt, which results in another call to __sbi_ecall\nand another snapshot...\n\nAll it takes to get into this endless loop is one initial __sbi_ecall.\nOn RISC-V systems without SSTC extension, the clock events in\ntimer-riscv.c issue periodic sbi ecalls, making the problem easy to\ntrigger.\n\nAlways exclude the sbi_ecall.c functions from tracing to fix the\npotential deadlock.\n\nsbi ecalls can easiliy be logged via trace events, excluding ecall\nfunctions from function tracing is not a big limitation."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nriscv: trace: corregir interbloqueo de instant\u00e1nea con sbi ecall\n\nSi las funciones de sbi_ecall.c son rastreables,\n\necho '__sbi_ecall:snapshot' > /sys/kernel/tracing/set_ftrace_filter\n\npuede llevar al kernel a un interbloqueo.\n\n(Las funciones en sbi_ecall.c se excluyen del rastreo si CONFIG_RISCV_ALTERNATIVE_EARLY est\u00e1 configurado.)\n\n__sbi_ecall activa una instant\u00e1nea del ringbuffer. El c\u00f3digo de la instant\u00e1nea genera una interrupci\u00f3n IPI, lo que resulta en otra llamada a __sbi_ecall y otra instant\u00e1nea...\n\nTodo lo que se necesita para entrar en este bucle infinito es una __sbi_ecall inicial. En sistemas RISC-V sin la extensi\u00f3n SSTC, los eventos de reloj en timer-riscv.c emiten sbi ecalls peri\u00f3dicas, haciendo que el problema sea f\u00e1cil de activar.\n\nExcluir siempre las funciones de sbi_ecall.c del rastreo para corregir el interbloqueo potencial.\n\nLas sbi ecalls pueden registrarse f\u00e1cilmente a trav\u00e9s de eventos de rastreo, excluir las funciones ecall del rastreo de funciones no es una gran limitaci\u00f3n."}], "id": "CVE-2026-23217", "lastModified": "2026-03-18T17:36:43.673", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-18T15:18:43.080", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b0d7f5f0c9f05f1b6d4ee7110f15bef9c11f9df0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b1f8285bc8e3508c1fde23b5205f1270215d4984"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: riscv: trace: fix snapshot deadlock with sbi ecall", "id": "2440634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440634"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2026-23217", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23217\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23217\nhttps://lore.kernel.org/linux-cve-announce/2026021800-CVE-2026-23217-f399@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,b1f8285bc8e3508c1fde23b5205f1270215d4984)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,b0d7f5f0c9f05f1b6d4ee7110f15bef9c11f9df0)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.10,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-17T18:39:32.234930+00:00", "value": {"mitigation_remediation": ["Upgrade to a patched kernel version that excludes sbi_ecall.c functions from tracing. This includes Linux 6.11+ and all stable releases that incorporate the fix.", "If an upgrade is not immediately possible, remove \"__sbi_ecall\" from the ftrace filter or set CONFIG_RISCV_ALTERNATIVE_EARLY=y to automatically exclude the functions.", "Verify that any other trace\u2011enabled subsystems are not configured to monitor sbi ecalls, and consider disabling function tracing for the RISC\u2011V core to avoid accidental deadlock."], "summary": {"action": "Apply Patch", "impact": "Denial of Service via kernel deadlock"}, "threat_synthesis": {"affected_systems": "All RISC\u2011V builds of the Linux kernel that compile for sbi_ecall.c trace, specifically kernel versions 6.11 and 6.19/RC1\u2013RC4, are affected. The problem also exists in any future releases that have not yet incorporated the fix to exclude sbi_ecall functions from function tracing. Linux kernel vendors such as the Linux Foundation maintain these releases and provide the necessary patch.", "description_and_impact": "In the Linux kernel, a trace configuration that includes the __sbi_ecall function can trigger an infinite loop of trace snapshots. Each snapshot raises an IPI that re\u2011enters __sbi_ecall, causing a recursive deadlock that freezes the kernel. The flaw stems from a scheduling deadlock vulnerability (CWE\u2011667) and results in a denial of service that can halt all system activity for the affected RISC\u2011V CPUs.", "risk_and_exploitability": "The CVSS v3 score of 5.5 indicates moderate severity. EPSS is less than 1\u202fpercent, suggesting low likelihood of exploitation in the wild, and the vulnerability is not listed in CISA\u2019s KEV catalog. Attackers would need local privilege or the ability to write to /sys/kernel/tracing/set_ftrace_filter to inject the \"__sbi_ecall\" trace filter. The deadlock is triggered by a single initial __sbi_ecall, making the exploit straightforward once the trace filter is configured; systems that enable timer\u2011based sbi ecalls without the SSTC extension are particularly easy to target."}}}}, "created": "2026-02-19T10:19:37.470739+00:00", "updated": "2026-04-17T18:45:25.550962+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}