Login Sign Up

CVE-2026-23182

N/A Unknown

📋 TL;DR

A memory leak vulnerability in the Linux kernel's Tegra SPI driver occurs when platform_get_irq() fails during device probe, causing allocated resources to not be properly freed. This affects systems using NVIDIA Tegra processors with the affected SPI driver. The vulnerability could lead to resource exhaustion over time.

💻 Affected Systems

Products:
  • Linux kernel with Tegra SPI driver
Versions: Specific kernel versions containing the vulnerable commit until patched versions
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with NVIDIA Tegra processors using the SPI driver; vulnerability triggers only when platform_get_irq() fails during device probe.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Continuous exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel panic.

🟠

Likely Case

Memory leak during device initialization failures, gradually consuming kernel memory until system becomes unstable or requires reboot.

🟢

If Mitigated

Minimal impact with proper monitoring and regular reboots; memory leak only occurs during specific initialization failures.

🌐 Internet-Facing: LOW - Requires local access to trigger the vulnerable code path; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger the condition, but requires specific hardware/driver configuration.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to trigger IRQ allocation failure during SPI device initialization; not a typical remote attack vector.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits referenced in CVE

Vendor Advisory: https://git.kernel.org/stable/c/075415ae18b5b3e4d0187962d538653154216fe7

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fix commits 2. Rebuild kernel if using custom kernel 3. Reboot system to load patched kernel

🔧 Temporary Workarounds

Disable Tegra SPI driver

Linux

Prevent loading of vulnerable driver module

echo 'blacklist spi-tegra' >> /etc/modprobe.d/blacklist.conf
rmmod spi_tegra

🧯 If You Can't Patch

  • Monitor kernel memory usage for unusual increases
  • Implement regular system reboots to clear accumulated memory leaks

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if Tegra SPI driver is loaded: lsmod | grep spi_tegra && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and driver loads without errors in dmesg

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • Memory allocation failures in dmesg
  • SPI driver initialization errors

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("spi-tegra" OR "tegra_slink") AND ("memory" OR "leak" OR "allocation failure")

📊 Metadata

CVE ID: CVE-2026-23182
CVSS v3 Score: N/A (Unknown)
Published: February 14, 2026
Last Updated: February 18, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON