CVE-2026-23207

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's Tegra210-quad SPI driver related to synchronization of the curr xfer variable within the interrupt request (IRQ) handler. Specifically, a race condition can occur when the interrupt service routine (ISR) thread and a timeout path concurrently access curr xfer. Without proper protection, the ISR thread might observe a non-NULL value for curr xfer, while the timeout path sets it to NULL. Subsequently, the handler functions (handle cpu based xfer() and handle dma based xfer()) could attempt to dereference a NULL pointer, leading to a system crash. The issue arises because the curr xfer check occurs before acquiring the spinlock, and the lock is released and reacquired later, creating a window for the race condition. The fix involves adding a NULL check within the handler functions after acquiring the lock to prevent dereferencing a NULL pointer if the timeout path has already cleared curr xfer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.