{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23182", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.984Z", "datePublished": "2026-02-14T16:27:12.806Z", "dateUpdated": "2026-05-11T22:01:54.479Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:01:54.479Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra: Fix a memory leak in tegra_slink_probe()\n\nIn tegra_slink_probe(), when platform_get_irq() fails, it directly\nreturns from the function with an error code, which causes a memory leak.\n\nReplace it with a goto label to ensure proper cleanup."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-tegra20-slink.c"], "versions": [{"version": "b64683f5d7282f7b160e9867e33cdac00b5c792b", "lessThan": "6a04dc650cef8d52a1ccb4ae245dbe318ffff32e", "status": "affected", "versionType": "git"}, {"version": "5c25f89c00b97844d0427f0f96818a15714bd609", "lessThan": "327b71326cc1834bc031e8f52a470a18dfd9caa6", "status": "affected", "versionType": "git"}, {"version": "46ee23101f32a1ced5335d5407d5ecffd160ccdf", "lessThan": "126a09f4fcd2b895a818ca43fde078d907c1ac9a", "status": "affected", "versionType": "git"}, {"version": "eb9913b511f10968a02cfa5329a896855dd152a3", "lessThan": "075415ae18b5b3e4d0187962d538653154216fe7", "status": "affected", "versionType": "git"}, {"version": "eb9913b511f10968a02cfa5329a896855dd152a3", "lessThan": "b8eec12aa666c11f8a6ad1488c568f85c58875fa", "status": "affected", "versionType": "git"}, {"version": "eb9913b511f10968a02cfa5329a896855dd152a3", "lessThan": "41d9a6795b95d6ea28439ac1e9ce8c95bbca20fc", "status": "affected", "versionType": "git"}, {"version": "4eb8065494ca19caba3f45fc83941fd568a8c3cd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-tegra20-slink.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.200", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.163", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.124", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.70", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.10", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.139", "versionEndExcluding": "5.15.200"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.63", "versionEndExcluding": "6.1.163"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.2", "versionEndExcluding": "6.6.124"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.12.70"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.18.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5.12"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6a04dc650cef8d52a1ccb4ae245dbe318ffff32e"}, {"url": "https://git.kernel.org/stable/c/327b71326cc1834bc031e8f52a470a18dfd9caa6"}, {"url": "https://git.kernel.org/stable/c/126a09f4fcd2b895a818ca43fde078d907c1ac9a"}, {"url": "https://git.kernel.org/stable/c/075415ae18b5b3e4d0187962d538653154216fe7"}, {"url": "https://git.kernel.org/stable/c/b8eec12aa666c11f8a6ad1488c568f85c58875fa"}, {"url": "https://git.kernel.org/stable/c/41d9a6795b95d6ea28439ac1e9ce8c95bbca20fc"}], "title": "spi: tegra: Fix a memory leak in tegra_slink_probe()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra: Fix a memory leak in tegra_slink_probe()\n\nIn tegra_slink_probe(), when platform_get_irq() fails, it directly\nreturns from the function with an error code, which causes a memory leak.\n\nReplace it with a goto label to ensure proper cleanup."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nspi: tegra: Correcci\u00f3n de una fuga de memoria en tegra_slink_probe()\n\nEn tegra_slink_probe(), cuando platform_get_irq() falla, retorna directamente de la funci\u00f3n con un c\u00f3digo de error, lo que provoca una fuga de memoria.\n\nReemplazarlo con una etiqueta goto para garantizar una limpieza adecuada."}], "id": "CVE-2026-23182", "lastModified": "2026-04-15T14:34:27.800", "metrics": {}, "published": "2026-02-14T17:15:55.960", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/075415ae18b5b3e4d0187962d538653154216fe7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/126a09f4fcd2b895a818ca43fde078d907c1ac9a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/327b71326cc1834bc031e8f52a470a18dfd9caa6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/41d9a6795b95d6ea28439ac1e9ce8c95bbca20fc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6a04dc650cef8d52a1ccb4ae245dbe318ffff32e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b8eec12aa666c11f8a6ad1488c568f85c58875fa"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: spi: tegra: Fix a memory leak in tegra_slink_probe()", "id": "2439938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439938"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2026-23182", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23182\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23182\nhttps://lore.kernel.org/linux-cve-announce/2026021430-CVE-2026-23182-651e@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b64683f5d7282f7b160e9867e33cdac00b5c792b,6a04dc650cef8d52a1ccb4ae245dbe318ffff32e)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[5c25f89c00b97844d0427f0f96818a15714bd609,327b71326cc1834bc031e8f52a470a18dfd9caa6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[46ee23101f32a1ced5335d5407d5ecffd160ccdf,126a09f4fcd2b895a818ca43fde078d907c1ac9a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[eb9913b511f10968a02cfa5329a896855dd152a3,075415ae18b5b3e4d0187962d538653154216fe7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[eb9913b511f10968a02cfa5329a896855dd152a3,b8eec12aa666c11f8a6ad1488c568f85c58875fa)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[eb9913b511f10968a02cfa5329a896855dd152a3,41d9a6795b95d6ea28439ac1e9ce8c95bbca20fc)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "4eb8065494ca19caba3f45fc83941fd568a8c3cd"}}], "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.7"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.7)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[5.15.200,5.15.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.1.163,6.1.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.6.124,6.6.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.12.70,6.12.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.18.10,6.18.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19,*]"}}], "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-18T12:15:08.035661+00:00", "value": {"mitigation_remediation": ["Upgrade the kernel to a version that contains the tegra_slink_probe memory\u2011leak fix (e.g., the latest Linux kernel 6.9.x or later as indicated by the commit references).", "Verify that the tegra_slink driver is correctly loaded and that stack traces do not indicate platform_get_irq failures; if such failures occur, ensure the system can recover without excessive memory churn.", "If upgrading the kernel is not immediately feasible, consider disabling the tegra_slink module or driver until the patch is applied to prevent the leak from accumulating."], "summary": {"action": "Apply Patch", "impact": "Memory Leak"}, "threat_synthesis": {"affected_systems": "The flaw affects Linux kernels that include the tegra_slink probe, typically found in NVIDIA Tegra-based devices and distributions that ship a Tegra\u2011capable kernel. Specific versions are not enumerated in the report, but any kernel build that contains the tegra_slink driver prior to the patch commit will be susceptible. Users should consult their distribution\u2019s kernel changelog or the referenced commit URLs to confirm whether the local kernel includes the fix.", "description_and_impact": "The vulnerability resides in the Linux kernel\u2019s Tegra SPI driver, specifically in the tegra_slink_probe function. When calling platform_get_irq fails, the function returns immediately, bypassing cleanup and leaving allocated resources in memory. Although this flaw cannot be directly leveraged for code execution or privilege escalation, repeated failures can deplete kernel memory over time, potentially degrading system performance, triggering out\u2011of\u2011memory conditions, or causing system instability. The weakness is a classic example of a memory leak, which can be especially problematic on embedded Tegra platforms with limited memory budgets.", "risk_and_exploitability": "The CVE carries a very low exploitation probability, as evidenced by an EPSS score of less than 1%, and it is not listed in the CISA KEV catalog. The attack vector is inferred to be local, requiring the attacker to trigger errors in the platform_get_irq path, which is generally limited to privileged system operations or manufacturing conditions. Because the issue is a resource exhaustion flaw rather than an immediate security breach, the overall threat remains low to moderate but warrants remediation to preserve system reliability."}}}}, "created": "2026-02-16T09:43:54.332081+00:00", "updated": "2026-04-18T12:15:15.791640+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-401"]}