5.5

CVE-2026-23202

spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer

In the Linux kernel, the following vulnerability has been resolved:

spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer

The curr_xfer field is read by the IRQ handler without holding the lock
to check if a transfer is in progress. When clearing curr_xfer in the
combined sequence transfer loop, protect it with the spinlock to prevent
a race with the interrupt handler.

Protect the curr_xfer clearing at the exit path of
tegra_qspi_combined_seq_xfer() with the spinlock to prevent a race
with the interrupt handler that reads this field.

Without this protection, the IRQ handler could read a partially updated
curr_xfer value, leading to NULL pointer dereference or use-after-free.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15.198 < 5.15.200
LinuxLinux Kernel Version >= 6.1.160 < 6.1.163
LinuxLinux Kernel Version >= 6.6.120 < 6.6.124
LinuxLinux Kernel Version >= 6.12.63 < 6.12.70
LinuxLinux Kernel Version >= 6.17.13 < 6.18
LinuxLinux Kernel Version >= 6.18.2 < 6.18.10
LinuxLinux Kernel Version6.19 Updaterc1
LinuxLinux Kernel Version6.19 Updaterc2
LinuxLinux Kernel Version6.19 Updaterc3
LinuxLinux Kernel Version6.19 Updaterc4
LinuxLinux Kernel Version6.19 Updaterc5
LinuxLinux Kernel Version6.19 Updaterc6
LinuxLinux Kernel Version6.19 Updaterc7
LinuxLinux Kernel Version6.19 Updaterc8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.016
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/9fa4262a80f751d14a6a39d2c03f57db68da2618
Patch
https://git.kernel.org/stable/c/762e2ce71c8f0238e9eaf05d14da803d9a24422f
Patch
https://git.kernel.org/stable/c/712cde8d916889e282727cdf304a43683adf899e
Patch
https://git.kernel.org/stable/c/6fd446178a610a48e80e5c5b487b0707cd01daac
Patch
https://git.kernel.org/stable/c/3bc293d5b56502068481478842f57b3d96e432c7
Patch
https://git.kernel.org/stable/c/bf4528ab28e2bf112c3a2cdef44fd13f007781cd
Patch