CVE-2026-23207

Description

In the Linux kernel, the following vulnerability has been resolved:spi: tegra210-quad: Protect curr_xfer check in IRQ handlerNow that all other accesses to curr_xfer are done under the lock,protect the curr_xfer null check in tegra_qspi_isr_thread() with thespinlock. Without this protection, the following race can occur: CPU0 (ISR thread) CPU1 (timeout path) ---------------- ------------------- if (!tqspi->curr_xfer) // sees non-null spin_lock() tqspi->curr_xfer = null spin_unlock() handle_*_xfer() spin_lock() t = tqspi->curr_xfer // null! ... t->len ... // null dereference!With this patch, all curr_xfer accesses are now properly synchronized.Although all accesses to curr_xfer are done under the lock, integra_qspi_isr_thread() it checks for null, releases the lock andreacquires it later in handle_cpu_based_xfer()/handle_dma_based_xfer().There is a potential for an update in between, which could cause a nullpointer dereference.To handle this, add a null check inside the handlers after acquiringthe lock. This ensures that if the timeout path has already clearedcurr_xfer, the handler will safely return without dereferencing thenull pointer.

Risk Information

Base Score

5.5

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

Exploitation Probability

0.024

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234