PT-2026-8210 · Linux+2 · Linux Kernel+2

Published

2026-01-01

Updated

2026-06-04

CVE-2026-23202

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the tegra qspi combined seq xfer() function related to the curr xfer field. Specifically, the curr xfer field can be accessed by an interrupt request handler without proper locking, creating a race condition. This race condition occurs when clearing curr xfer within the combined sequence transfer loop and at the exit path of the function. Without adequate protection, the interrupt handler may read a partially updated or invalid curr xfer value, potentially leading to a NULL pointer dereference or a use-after-free condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2026-23202

ECHO-F992-DD2D-CB9B

OPENSUSE-SU-2026:20416-1

SUSE-SU-2026:0962-1

SUSE-SU-2026:1041-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20667-1

SUSE-SU-2026:20720-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21114-1

SUSE-SU-2026:21123-1

SUSE-SU-2026:21255-1

SUSE-SU-2026:21284-1

USN-8100-1

USN-8163-1

USN-8163-2

USN-8278-1

USN-8278-2

USN-8296-1

USN-8296-2

USN-8393-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

PT-2026-8210 · Linux+2 · Linux Kernel+2

CVE-2026-23202

Weakness Enumeration

Related Identifiers

Affected Products

References · 2477