{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23202","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:45.986Z","datePublished":"2026-02-14T16:27:26.365Z","dateUpdated":"2026-05-11T22:02:17.947Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:02:17.947Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer\n\nThe curr_xfer field is read by the IRQ handler without holding the lock\nto check if a transfer is in progress. When clearing curr_xfer in the\ncombined sequence transfer loop, protect it with the spinlock to prevent\na race with the interrupt handler.\n\nProtect the curr_xfer clearing at the exit path of\ntegra_qspi_combined_seq_xfer() with the spinlock to prevent a race\nwith the interrupt handler that reads this field.\n\nWithout this protection, the IRQ handler could read a partially updated\ncurr_xfer value, leading to NULL pointer dereference or use-after-free."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/spi/spi-tegra210-quad.c"],"versions":[{"version":"88db8bb7ed1bb474618acdf05ebd4f0758d244e2","lessThan":"9fa4262a80f751d14a6a39d2c03f57db68da2618","status":"affected","versionType":"git"},{"version":"83309dd551cfd60a5a1a98d9cab19f435b44d46d","lessThan":"762e2ce71c8f0238e9eaf05d14da803d9a24422f","status":"affected","versionType":"git"},{"version":"c934e40246da2c5726d14e94719c514e30840df8","lessThan":"712cde8d916889e282727cdf304a43683adf899e","status":"affected","versionType":"git"},{"version":"551060efb156c50fe33799038ba8145418cfdeef","lessThan":"6fd446178a610a48e80e5c5b487b0707cd01daac","status":"affected","versionType":"git"},{"version":"01bbf25c767219b14c3235bfa85906b8d2cb8fbc","lessThan":"3bc293d5b56502068481478842f57b3d96e432c7","status":"affected","versionType":"git"},{"version":"b4e002d8a7cee3b1d70efad0e222567f92a73000","lessThan":"bf4528ab28e2bf112c3a2cdef44fd13f007781cd","status":"affected","versionType":"git"},{"version":"bb0c58be84f907285af45657c1d4847b960a12bf","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/spi/spi-tegra210-quad.c"],"versions":[{"version":"5.15.198","lessThan":"5.15.200","status":"affected","versionType":"semver"},{"version":"6.1.160","lessThan":"6.1.163","status":"affected","versionType":"semver"},{"version":"6.6.120","lessThan":"6.6.124","status":"affected","versionType":"semver"},{"version":"6.12.63","lessThan":"6.12.70","status":"affected","versionType":"semver"},{"version":"6.18.2","lessThan":"6.18.10","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.198","versionEndExcluding":"5.15.200"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.160","versionEndExcluding":"6.1.163"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.120","versionEndExcluding":"6.6.124"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.63","versionEndExcluding":"6.12.70"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.2","versionEndExcluding":"6.18.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9fa4262a80f751d14a6a39d2c03f57db68da2618"},{"url":"https://git.kernel.org/stable/c/762e2ce71c8f0238e9eaf05d14da803d9a24422f"},{"url":"https://git.kernel.org/stable/c/712cde8d916889e282727cdf304a43683adf899e"},{"url":"https://git.kernel.org/stable/c/6fd446178a610a48e80e5c5b487b0707cd01daac"},{"url":"https://git.kernel.org/stable/c/3bc293d5b56502068481478842f57b3d96e432c7"},{"url":"https://git.kernel.org/stable/c/bf4528ab28e2bf112c3a2cdef44fd13f007781cd"}],"title":"spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer","x_generator":{"engine":"bippy-1.2.0"}}}}