CVE-2026-23434
Received Received - Intake
Race Condition in Linux Kernel NAND Controller Locking Causes Command Conflicts

Publication date: 2026-04-03

Last updated on: 2026-04-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nand_lock() and nand_unlock() call into chip->ops.lock_area/unlock_area without holding the NAND device lock. On controllers that implement SET_FEATURES via multiple low-level PIO commands, these can race with concurrent UBI/UBIFS background erase/write operations that hold the device lock, resulting in cmd_pending conflicts on the NAND controller. Add nand_get_device()/nand_release_device() around the lock/unlock operations to serialize them against all other NAND controller access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-03
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-03
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23434
EUVD
EUVD-2026-18673
Affected Vendors & Products
Showing 15 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.7
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.203 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.167 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.78 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.20 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.10 (exc)
linux linux_kernel From 5.7.1 (inc) to 5.10.253 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's raw NAND memory driver. The functions nand_lock() and nand_unlock() call chip operations to lock and unlock areas without holding the NAND device lock. On controllers that implement SET_FEATURES using multiple low-level PIO commands, this can cause race conditions with concurrent background erase or write operations that do hold the device lock. These race conditions lead to command conflicts on the NAND controller.

The fix involves adding calls to nand_get_device() and nand_release_device() around the lock and unlock operations to ensure serialization against all other NAND controller accesses, preventing these race conditions.

Impact Analysis

This vulnerability can cause race conditions on the NAND controller, leading to command conflicts during NAND operations. Such conflicts may result in data corruption or instability in the NAND device's operation, potentially affecting system reliability and data integrity.

Mitigation Strategies

The vulnerability in the Linux kernel related to NAND operations can be mitigated by ensuring that the kernel is updated to a version where the issue is resolved.

Specifically, the fix involves adding nand_get_device() and nand_release_device() calls around the lock/unlock operations to serialize them against other NAND controller accesses.

Therefore, the immediate step is to apply the patch or update the Linux kernel to the fixed version published on or after 2026-04-03.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23434. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart