CVE-2026-23434

| EUVD-2026-18673
2026-04-03 Linux GHSA-f5hq-62qq-fgrw

Lifecycle Timeline

3
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18673
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

Tags

Linux Linux Kernel Race Condition

Description

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nand_lock() and nand_unlock() call into chip->ops.lock_area/unlock_area without holding the NAND device lock. On controllers that implement SET_FEATURES via multiple low-level PIO commands, these can race with concurrent UBI/UBIFS background erase/write operations that hold the device lock, resulting in cmd_pending conflicts on the NAND controller. Add nand_get_device()/nand_release_device() around the lock/unlock operations to serialize them against all other NAND controller access.

Analysis

NAND flash device lock/unlock operations in the Linux kernel MTD subsystem can race with concurrent erase/write operations, causing cmd_pending conflicts on certain NAND controllers that use PIO-based SET_FEATURES. This race condition is resolved by serializing lock/unlock calls with the NAND device lock, preventing data corruption or system instability on affected controller implementations. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0

Share

CVE-2026-23434 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy