CVE-2026-23434

ADVISORY - nist

Summary

In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: serialize lock/unlock against other NAND operations

nand_lock() and nand_unlock() call into chip->ops.lock_area/unlock_area without holding the NAND device lock. On controllers that implement SET_FEATURES via multiple low-level PIO commands, these can race with concurrent UBI/UBIFS background erase/write operations that hold the device lock, resulting in cmd_pending conflicts on the NAND controller.

Add nand_get_device()/nand_release_device() around the lock/unlock operations to serialize them against all other NAND controller access.

EPSS Score: 0.00126 (0.027)

Common Weakness Enumeration (CWE)

ADVISORY - nist
ADVISORY - redhat

Missing Synchronization


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in