CVE-2026-23202

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer<br /> <br /> The curr_xfer field is read by the IRQ handler without holding the lock<br /> to check if a transfer is in progress. When clearing curr_xfer in the<br /> combined sequence transfer loop, protect it with the spinlock to prevent<br /> a race with the interrupt handler.<br /> <br /> Protect the curr_xfer clearing at the exit path of<br /> tegra_qspi_combined_seq_xfer() with the spinlock to prevent a race<br /> with the interrupt handler that reads this field.<br /> <br /> Without this protection, the IRQ handler could read a partially updated<br /> curr_xfer value, leading to NULL pointer dereference or use-after-free.