CVE-2026-23202

EUVD-2026-5842

14.02.2026, 17:15

In the Linux kernel, the following vulnerability has been resolved:

spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer

The curr_xfer field is read by the IRQ handler without holding the lock
to check if a transfer is in progress. When clearing curr_xfer in the
combined sequence transfer loop, protect it with the spinlock to prevent
a race with the interrupt handler.

Protect the curr_xfer clearing at the exit path of
tegra_qspi_combined_seq_xfer() with the spinlock to prevent a race
with the interrupt handler that reads this field.

Without this protection, the IRQ handler could read a partially updated
curr_xfer value, leading to NULL pointer dereference or use-after-free.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	5.15.198 ≤ 𝑥 < 5.15.200
linux	linux_kernel	6.1.160 ≤ 𝑥 < 6.1.163
linux	linux_kernel	6.6.120 ≤ 𝑥 < 6.6.124
linux	linux_kernel	6.12.63 ≤ 𝑥 < 6.12.70
linux	linux_kernel	6.17.13 ≤ 𝑥 < 6.18
linux	linux_kernel	6.18.2 ≤ 𝑥 < 6.18.10
linux	linux_kernel	6.19:rc1
linux	linux_kernel	6.19:rc2
linux	linux_kernel	6.19:rc3
linux	linux_kernel	6.19:rc4
linux	linux_kernel	6.19:rc5
linux	linux_kernel	6.19:rc6
linux	linux_kernel	6.19:rc7
linux	linux_kernel	6.19:rc8

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	6.1.164-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.251-1 fixed
forky	6.19.10-1 fixed
sid	6.19.11-1 fixed
trixie	6.12.73-1 fixed
trixie (security)	6.12.74-2 fixed

linux-6.1

bullseye	not-affected
bullseye (security)	6.1.164-1~deb11u1 fixed

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.
Published: 2026-02-15T23:00:00+00:00

References

https://git.kernel.org/stable/c/3bc293d5b56502068481478842f57b3d96e432c7

https://git.kernel.org/stable/c/6fd446178a610a48e80e5c5b487b0707cd01daac

https://git.kernel.org/stable/c/712cde8d916889e282727cdf304a43683adf899e

https://git.kernel.org/stable/c/762e2ce71c8f0238e9eaf05d14da803d9a24422f

https://git.kernel.org/stable/c/9fa4262a80f751d14a6a39d2c03f57db68da2618

https://git.kernel.org/stable/c/bf4528ab28e2bf112c3a2cdef44fd13f007781cd