CVE-2026-23202
📋 TL;DR
A race condition vulnerability in the Linux kernel's Tegra SPI driver could allow an attacker to cause a kernel crash or potentially execute arbitrary code. This affects systems using NVIDIA Tegra processors with the vulnerable SPI driver. The vulnerability occurs when the interrupt handler reads a partially updated pointer during SPI transfers.
💻 Affected Systems
- Linux kernel with tegra210-quad SPI driver
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to kernel mode allowing full system compromise.
Likely Case
System crash or instability due to kernel NULL pointer dereference, causing denial of service.
If Mitigated
No impact if patched or if the vulnerable driver is not loaded/used.
🎯 Exploit Status
Requires local access and ability to trigger SPI operations. Race conditions can be difficult to reliably exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/3bc293d5b56502068481478842f57b3d96e432c7
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Reboot system to load patched kernel.
3. Verify driver is no longer vulnerable.
🔧 Temporary Workarounds
Disable vulnerable driver
Linux: Prevent loading of the tegra210-quad SPI driver if not needed
echo 'blacklist spi-tegra210-quad' > /etc/modprobe.d/disable-tegra-spi.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Restrict local access to systems using vulnerable driver
- Monitor for kernel crashes or instability related to SPI operations
🔍 How to Verify
Check if Vulnerable:
Check if tegra210-quad driver is loaded: lsmod | grep tegra; check kernel version against patched versions
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits, ensure system stability during SPI operations
📡 Detection & Monitoring
Log Indicators:
- Kernel NULL pointer dereference errors
- System crashes or panics during SPI operations
- Oops messages in dmesg
Network Indicators:
- None - local vulnerability only
SIEM Query:
search ('kernel: BUG: unable to handle kernel NULL pointer dereference' OR 'kernel: Oops') AND ('tegra' OR 'spi')
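The log indicators above as a multi-line check, added here as an example (not part of the original advisory or any vendor tooling): a kernel fault report spans several dmesg lines, so the fault header and the driver frames in its trace have to be correlated rather than matched on a single line. The sample log and its symbol names are constructed, and the 40-line window is an assumption.

```python
import re

# Fault headers: the x86 wording from the page's SIEM query and the arm64 wording
# ("Unable to handle kernel NULL pointer dereference at virtual address ...").
FAULT = re.compile(r"kernel NULL pointer dereference|\bOops\b", re.I)
# Driver tokens. The lookarounds stop a bare "spi" from matching spin_lock frames,
# which appear in many unrelated traces.
DRIVER = re.compile(r"tegra|(?<![a-z])q?spi(?![a-z])", re.I)
END = "---[ end trace"

def find_spi_faults(log_text, window=40):
    """Return one record per fault report whose trace mentions the Tegra/SPI path."""
    lines = log_text.splitlines()
    hits, i = [], 0
    while i < len(lines):
        if not FAULT.search(lines[i]):
            i += 1
            continue
        # A report spans many lines: collect until the end marker or the window limit.
        block = []
        for line in lines[i:i + window]:
            block.append(line)
            if END in line:
                break
        evidence = [l.strip() for l in block if DRIVER.search(l)]
        if evidence:
            hits.append({"line": i + 1, "header": lines[i].strip(), "evidence": evidence})
        i += len(block)
    return hits

# Constructed sample (not from a real crash; symbol names are illustrative).
SAMPLE = """\
[  812.101] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
[  812.102] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[  812.103] Modules linked in: spi_tegra210_quad
[  812.104] Call trace:
[  812.105]  tegra_qspi_isr_thread+0x54/0x1a0 [spi_tegra210_quad]
[  812.106]  irq_thread_fn+0x2c/0xb0
[  812.107] ---[ end trace 0000000000000000 ]---
[ 2001.500] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[ 2001.501] Call trace:
[ 2001.502]  _raw_spin_lock_irqsave+0x20/0x70
[ 2001.503]  example_other_driver_work+0x18/0x40
[ 2001.504] ---[ end trace 0000000000000000 ]---
"""

if __name__ == "__main__":
    for hit in find_spi_faults(SAMPLE):
        print(hit["line"], hit["header"], hit["evidence"], sep="\n  ")
```

Only the first report in the sample is flagged; the second is a NULL dereference whose trace contains `spin_lock` but no Tegra or SPI frame.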
🔗 References
- https://git.kernel.org/stable/c/3bc293d5b56502068481478842f57b3d96e432c7
- https://git.kernel.org/stable/c/6fd446178a610a48e80e5c5b487b0707cd01daac
- https://git.kernel.org/stable/c/712cde8d916889e282727cdf304a43683adf899e
- https://git.kernel.org/stable/c/762e2ce71c8f0238e9eaf05d14da803d9a24422f
- https://git.kernel.org/stable/c/9fa4262a80f751d14a6a39d2c03f57db68da2618
- https://git.kernel.org/stable/c/bf4528ab28e2bf112c3a2cdef44fd13f007781cd