Skip to main content

Linux CVE-2026-23434

| EUVDEUVD-2026-18673 MEDIUM
2026-04-03 Linux GHSA-f5hq-62qq-fgrw
Medium
Disputed · 5.5 NVD
Share

Severity by source

Sources disagree (Low–High)
NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Red Hat
5.5 LOW
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

10
Severity Changed
Jul 14, 2026 - 13:22 NVD
HIGH MEDIUM
CVSS changed
Jul 14, 2026 - 13:22 NVD
7.1 (HIGH) 5.5 (MEDIUM)
Re-analysis Queued
Apr 27, 2026 - 14:22 vuln.today
cvss_changed
Severity Changed
Apr 27, 2026 - 14:22 NVD
MEDIUM HIGH
CVSS changed
Apr 27, 2026 - 14:22 NVD
5.5 (MEDIUM) 7.1 (HIGH)
CVSS changed
Apr 23, 2026 - 21:11 NVD
5.5 (MEDIUM)
Patch available
Apr 16, 2026 - 05:29 EUVD
5fd5c078af23cb353507aa522e09d557d7eaef04
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18673
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: serialize lock/unlock against other NAND operations

nand_lock() and nand_unlock() call into chip->ops.lock_area/unlock_area without holding the NAND device lock. On controllers that implement SET_FEATURES via multiple low-level PIO commands, these can race with concurrent UBI/UBIFS background erase/write operations that hold the device lock, resulting in cmd_pending conflicts on the NAND controller.

Add nand_get_device()/nand_release_device() around the lock/unlock operations to serialize them against all other NAND controller access.

AnalysisAI

NAND flash device lock/unlock operations in the Linux kernel MTD subsystem can race with concurrent erase/write operations, causing cmd_pending conflicts on certain NAND controllers that use PIO-based SET_FEATURES. This race condition is resolved by serializing lock/unlock calls with the NAND device lock, preventing data corruption or system instability on affected controller implementations. The vulnerability affects all Linux kernel versions prior to the fix and is present in systems using raw NAND devices with specific controller hardware implementations.

Technical ContextAI

The vulnerability exists in the MTD (Memory Technology Devices) raw NAND subsystem of the Linux kernel. The nand_lock() and nand_unlock() functions call chip->ops.lock_area and chip->ops.unlock_area without holding the NAND device lock (nand_get_device/nand_release_device). On NAND controllers that implement SET_FEATURES via multiple sequential low-level PIO (programmed I/O) commands, concurrent operations from UBI (Unsorted Block Images) or UBIFS (Unsorted Block Images File System) background processes holding the device lock can interleave with these command sequences. This creates a classic race condition where multiple command sequences execute out of order, causing cmd_pending conflicts on the controller-essentially corrupting the command pipeline. The root cause is inadequate synchronization primitive usage in the lock/unlock code path, allowing unserialized access to shared hardware resources.

RemediationAI

Apply the Linux kernel patch from the upstream commit ce5229e78078e437704157eb542f43a6f83b429b (or corresponding backports a80291e577b44593a724d6cd64c14337c78f194d, f71ce0ae5aefe39dd5b2f996c0e08550d2153ad2, 5fd5c078af23cb353507aa522e09d557d7eaef04, f25446e2c28939753d3b62d34dfda49952b2557d, bab2bc6e850a697a23b9e5f0e21bb8c187615e95 for various stable branches). The fix wraps nand_lock() and nand_unlock() operations with nand_get_device() and nand_release_device() calls to serialize access against concurrent NAND operations. Upgrade to a stable kernel version that includes these commits. For systems unable to upgrade immediately, disable background UBI/UBIFS operations or avoid NAND lock/unlock operations during concurrent I/O if supported by the application layer, though this is generally not feasible for production systems. Patches are available via git.kernel.org/stable/c/ for all affected stable branches referenced in the commit links.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23434 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy