Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Linux Kernel: Tegra Quad SPI Driver Data Corruption Risk
CVE-2026-23202
Summary
This Linux kernel security issue affects devices using the Tegra quad SPI driver. If left unpatched, it could cause data corruption or crashes due to a race condition between the driver and interrupt handler. Update your Linux kernel to the fixed version to prevent these issues.
Original title
In the Linux kernel, the following vulnerability has been resolved:
spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer
The curr_xfer field is read by the IRQ handler without ho...
Original description
In the Linux kernel, the following vulnerability has been resolved:
spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer
The curr_xfer field is read by the IRQ handler without holding the lock
to check if a transfer is in progress. When clearing curr_xfer in the
combined sequence transfer loop, protect it with the spinlock to prevent
a race with the interrupt handler.
Protect the curr_xfer clearing at the exit path of
tegra_qspi_combined_seq_xfer() with the spinlock to prevent a race
with the interrupt handler that reads this field.
Without this protection, the IRQ handler could read a partially updated
curr_xfer value, leading to NULL pointer dereference or use-after-free.
spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer
The curr_xfer field is read by the IRQ handler without holding the lock
to check if a transfer is in progress. When clearing curr_xfer in the
combined sequence transfer loop, protect it with the spinlock to prevent
a race with the interrupt handler.
Protect the curr_xfer clearing at the exit path of
tegra_qspi_combined_seq_xfer() with the spinlock to prevent a race
with the interrupt handler that reads this field.
Without this protection, the IRQ handler could read a partially updated
curr_xfer value, leading to NULL pointer dereference or use-after-free.
- https://git.kernel.org/stable/c/3bc293d5b56502068481478842f57b3d96e432c7
- https://git.kernel.org/stable/c/6fd446178a610a48e80e5c5b487b0707cd01daac
- https://git.kernel.org/stable/c/712cde8d916889e282727cdf304a43683adf899e
- https://git.kernel.org/stable/c/762e2ce71c8f0238e9eaf05d14da803d9a24422f
- https://git.kernel.org/stable/c/9fa4262a80f751d14a6a39d2c03f57db68da2618
- https://git.kernel.org/stable/c/bf4528ab28e2bf112c3a2cdef44fd13f007781cd
Published: 14 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026