CVE-2026-23434: Missing Synchronization in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 90.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 3

Description

In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: serialize lock/unlock against other NAND operations

nand_lock() and nand_unlock() call into chip->ops.lock_area/unlock_area without holding the NAND device lock. On controllers that implement SET_FEATURES via multiple low-level PIO commands, these can race with concurrent UBI/UBIFS background erase/write operations that hold the device lock, resulting in cmd_pending conflicts on the NAND controller. Add nand_get

Affected Packages (3 packages)

Debian: linux/linux_kernel < 6.19.10-1
CVEListV5: linux/linux 92270086b7e5ada7ab381c06cc3da2e95ed17088 ce5229e78078e437704157eb542f43a6f83b429b +6
debian: debian/linux < linux 6.19.10-1 (forky)

🔴 Vulnerability Details (2)

GHSA: GHSA-f5hq-62qq-fgrw: In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nand_lock() an (2026-04-03)
OSV: CVE-2026-23434: In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nand_lock() and (2026-04-03)

📋 Vendor Advisories (2)

Red Hat: kernel: mtd: rawnand: serialize lock/unlock against other NAND operations (2026-04-03)
Debian: CVE-2026-23434: linux - In the Linux kernel, the following vulnerability has been resolved: mtd: rawnan... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23434 Impact, Exploitability, and Mitigation Steps | Wiz