CVE-2026-23434
Received - Intake
Race Condition in Linux Kernel NAND Controller Locking Causes Command Conflicts

Publication date: 2026-04-03

Last updated on: 2026-04-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: serialize lock/unlock against other NAND operations

nand_lock() and nand_unlock() call into chip->ops.lock_area/unlock_area without holding the NAND device lock. On controllers that implement SET_FEATURES via multiple low-level PIO commands, these can race with concurrent UBI/UBIFS background erase/write operations that hold the device lock, resulting in cmd_pending conflicts on the NAND controller.

Add nand_get_device()/nand_release_device() around the lock/unlock operations to serialize them against all other NAND controller access.

Meta Information
Published: 2026-04-03
Last Modified: 2026-04-27
Generated: 2026-05-07
AI Q&A: 2026-04-03
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 15 associated CPEs
Vendor   Product        Version / Range
linux    linux_kernel   5.7
linux    linux_kernel   7.0
linux    linux_kernel   7.0
linux    linux_kernel   7.0
linux    linux_kernel   7.0
linux    linux_kernel   7.0
linux    linux_kernel   7.0
linux    linux_kernel   7.0
linux    linux_kernel   From 6.2 (inc) to 6.6.130 (exc)
linux    linux_kernel   From 5.11 (inc) to 5.15.203 (exc)
linux    linux_kernel   From 5.16 (inc) to 6.1.167 (exc)
linux    linux_kernel   From 6.7 (inc) to 6.12.78 (exc)
linux    linux_kernel   From 6.13 (inc) to 6.18.20 (exc)
linux    linux_kernel   From 6.19 (inc) to 6.19.10 (exc)
linux    linux_kernel   From 5.7.1 (inc) to 5.10.253 (exc)

CWE
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's raw NAND memory driver. The functions nand_lock() and nand_unlock() call chip operations to lock and unlock areas without holding the NAND device lock. On controllers that implement SET_FEATURES using multiple low-level PIO commands, this can cause race conditions with concurrent background erase or write operations that do hold the device lock. These race conditions lead to command conflicts on the NAND controller.

The fix involves adding calls to nand_get_device() and nand_release_device() around the lock and unlock operations to ensure serialization against all other NAND controller accesses, preventing these race conditions.


How can this vulnerability impact me?

This vulnerability can cause race conditions on the NAND controller, leading to command conflicts during NAND operations. Such conflicts may result in data corruption or instability in the NAND device's operation, potentially affecting system reliability and data integrity.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability in the Linux kernel related to NAND operations can be mitigated by ensuring that the kernel is updated to a version where the issue is resolved.

Specifically, the fix involves adding nand_get_device() and nand_release_device() calls around the lock/unlock operations to serialize them against other NAND controller accesses.

Therefore, the immediate step is to apply the patch or update the Linux kernel to the fixed version published on or after 2026-04-03.
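
A version triage over the ranges in the Affected Vendors & Products table, as an added example that is not part of the original record or of the kernel project's code; the function names and the sample release strings are constructed for illustration. It compares the upstream version number only, which is an assumption: a vendor kernel that backports the fix under an older version string will still show as in range.

```python
import re

# (first affected, first fixed): lower bound inclusive, upper bound exclusive,
# copied from the "Affected Vendors & Products" table on this page.
AFFECTED_RANGES = [
    ((5, 7, 1), (5, 10, 253)),
    ((5, 11, 0), (5, 15, 203)),
    ((5, 16, 0), (6, 1, 167)),
    ((6, 2, 0), (6, 6, 130)),
    ((6, 7, 0), (6, 12, 78)),
    ((6, 13, 0), (6, 18, 20)),
    ((6, 19, 0), (6, 19, 10)),
]
# Entries the table lists as a bare version with no range (5.7 and 7.0).
LISTED_EXACT = {(5, 7, 0), (7, 0, 0)}


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    # A missing patch level ("5.7") is treated as .0
    return tuple(int(g) if g else 0 for g in m.groups())


def classify(release):
    """Return 'in-range', 'listed' or 'not-listed' for this CVE's table."""
    version = parse_release(release)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return "in-range"
    # Suffixes such as "-rc3" are ignored, so 7.0.0-rc3 matches the 7.0 entry.
    return "listed" if version in LISTED_EXACT else "not-listed"


def triage(releases):
    """Classify an inventory; strings that do not parse map to 'unparsed'."""
    result = {}
    for release in releases:
        try:
            result[release] = classify(release)
        except ValueError:
            result[release] = "unparsed"
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real host.
    for rel, verdict in triage(["6.6.129-generic", "6.6.130", "7.0.0-rc3", "n/a"]).items():
        print(f"{rel:20} {verdict}")
```

On a live host the input would be the output of `uname -r` (or `platform.release()`), and the result matters only where the raw NAND (MTD) driver is in use.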

