{"id":"CVE-2026-23434","summary":"mtd: rawnand: serialize lock/unlock against other NAND operations","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: serialize lock/unlock against other NAND operations\n\nnand_lock() and nand_unlock() call into chip-\u003eops.lock_area/unlock_area\nwithout holding the NAND device lock. On controllers that implement\nSET_FEATURES via multiple low-level PIO commands, these can race with\nconcurrent UBI/UBIFS background erase/write operations that hold the\ndevice lock, resulting in cmd_pending conflicts on the NAND controller.\n\nAdd nand_get_device()/nand_release_device() around the lock/unlock\noperations to serialize them against all other NAND controller access.","modified":"2026-06-04T09:14:15.923769132Z","published":"2026-04-03T15:15:19.450Z","related":["SUSE-SU-2026:21841-1","SUSE-SU-2026:21845-1","SUSE-SU-2026:21860-1","SUSE-SU-2026:21876-1","SUSE-SU-2026:21877-1","SUSE-SU-2026:21916-1","SUSE-SU-2026:21919-1","SUSE-SU-2026:2217-1","SUSE-SU-2026:2238-1","openSUSE-SU-2026:20826-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23434.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/28ea836cc44cb8b89c1c174707ead0c1133c60e9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5fd5c078af23cb353507aa522e09d557d7eaef04"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a80291e577b44593a724d6cd64c14337c78f194d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bab2bc6e850a697a23b9e5f0e21bb8c187615e95"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ce5229e78078e437704157eb542f43a6f83b429b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f25446e2c28939753d3b62d34dfda49952b2557d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f71ce0ae5aefe39dd5b2f996c0e08550d2153ad2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fe4a73c3dd48308149d57a10c2761e1d36ced7ba"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23434.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23434"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"92270086b7e5ada7ab381c06cc3da2e95ed17088"},{"fixed":"28ea836cc44cb8b89c1c174707ead0c1133c60e9"},{"fixed":"fe4a73c3dd48308149d57a10c2761e1d36ced7ba"},{"fixed":"ce5229e78078e437704157eb542f43a6f83b429b"},{"fixed":"a80291e577b44593a724d6cd64c14337c78f194d"},{"fixed":"f71ce0ae5aefe39dd5b2f996c0e08550d2153ad2"},{"fixed":"5fd5c078af23cb353507aa522e09d557d7eaef04"},{"fixed":"f25446e2c28939753d3b62d34dfda49952b2557d"},{"fixed":"bab2bc6e850a697a23b9e5f0e21bb8c187615e95"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23434.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.7.0"},{"fixed":"5.10.253"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.203"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.167"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.130"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.78"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.20"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23434.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}]}