FKIE_CVE-2026-23217

Vulnerability from fkie_nvd - Published: 2026-02-18 15:18 - Updated: 2026-02-18 17:51
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: riscv: trace: fix snapshot deadlock with sbi ecall If sbi_ecall.c's functions are traceable, echo "__sbi_ecall:snapshot" > /sys/kernel/tracing/set_ftrace_filter may get the kernel into a deadlock. (Functions in sbi_ecall.c are excluded from tracing if CONFIG_RISCV_ALTERNATIVE_EARLY is set.) __sbi_ecall triggers a snapshot of the ringbuffer. The snapshot code raises an IPI interrupt, which results in another call to __sbi_ecall and another snapshot... All it takes to get into this endless loop is one initial __sbi_ecall. On RISC-V systems without SSTC extension, the clock events in timer-riscv.c issue periodic sbi ecalls, making the problem easy to trigger. Always exclude the sbi_ecall.c functions from tracing to fix the potential deadlock. sbi ecalls can easiliy be logged via trace events, excluding ecall functions from function tracing is not a big limitation.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b0d7f5f0c9f05f1b6d4ee7110f15bef9c11f9df0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b1f8285bc8e3508c1fde23b5205f1270215d4984
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: trace: fix snapshot deadlock with sbi ecall\n\nIf sbi_ecall.c\u0027s functions are traceable,\n\necho \"__sbi_ecall:snapshot\" \u003e /sys/kernel/tracing/set_ftrace_filter\n\nmay get the kernel into a deadlock.\n\n(Functions in sbi_ecall.c are excluded from tracing if\nCONFIG_RISCV_ALTERNATIVE_EARLY is set.)\n\n__sbi_ecall triggers a snapshot of the ringbuffer. The snapshot code\nraises an IPI interrupt, which results in another call to __sbi_ecall\nand another snapshot...\n\nAll it takes to get into this endless loop is one initial __sbi_ecall.\nOn RISC-V systems without SSTC extension, the clock events in\ntimer-riscv.c issue periodic sbi ecalls, making the problem easy to\ntrigger.\n\nAlways exclude the sbi_ecall.c functions from tracing to fix the\npotential deadlock.\n\nsbi ecalls can easiliy be logged via trace events, excluding ecall\nfunctions from function tracing is not a big limitation."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nriscv: trace: corregir interbloqueo de instant\u00e1nea con sbi ecall\n\nSi las funciones de sbi_ecall.c son rastreables,\n\necho \u0027__sbi_ecall:snapshot\u0027 \u0026gt; /sys/kernel/tracing/set_ftrace_filter\n\npuede llevar al kernel a un interbloqueo.\n\n(Las funciones en sbi_ecall.c se excluyen del rastreo si CONFIG_RISCV_ALTERNATIVE_EARLY est\u00e1 configurado.)\n\n__sbi_ecall activa una instant\u00e1nea del ringbuffer. El c\u00f3digo de la instant\u00e1nea genera una interrupci\u00f3n IPI, lo que resulta en otra llamada a __sbi_ecall y otra instant\u00e1nea...\n\nTodo lo que se necesita para entrar en este bucle infinito es una __sbi_ecall inicial. En sistemas RISC-V sin la extensi\u00f3n SSTC, los eventos de reloj en timer-riscv.c emiten sbi ecalls peri\u00f3dicas, haciendo que el problema sea f\u00e1cil de activar.\n\nExcluir siempre las funciones de sbi_ecall.c del rastreo para corregir el interbloqueo potencial.\n\nLas sbi ecalls pueden registrarse f\u00e1cilmente a trav\u00e9s de eventos de rastreo, excluir las funciones ecall del rastreo de funciones no es una gran limitaci\u00f3n."
    }
  ],
  "id": "CVE-2026-23217",
  "lastModified": "2026-02-18T17:51:53.510",
  "metrics": {},
  "published": "2026-02-18T15:18:43.080",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b0d7f5f0c9f05f1b6d4ee7110f15bef9c11f9df0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b1f8285bc8e3508c1fde23b5205f1270215d4984"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.