U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2026-23434 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nand_lock() and nand_unlock() call into chip->ops.lock_area/unlock_area without holding the NAND device lock. On controllers that implement SET_FEATURES via multiple low-level PIO commands, these can race with concurrent UBI/UBIFS background erase/write operations that hold the device lock, resulting in cmd_pending conflicts on the NAND controller. Add nand_get_device()/nand_release_device() around the lock/unlock operations to serialize them against all other NAND controller access.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/28ea836cc44cb8b89c1c174707ead0c1133c60e9 kernel.org Patch 
https://git.kernel.org/stable/c/5fd5c078af23cb353507aa522e09d557d7eaef04 kernel.org Patch 
https://git.kernel.org/stable/c/a80291e577b44593a724d6cd64c14337c78f194d kernel.org Patch 
https://git.kernel.org/stable/c/bab2bc6e850a697a23b9e5f0e21bb8c187615e95 kernel.org Patch 
https://git.kernel.org/stable/c/ce5229e78078e437704157eb542f43a6f83b429b kernel.org Patch 
https://git.kernel.org/stable/c/f25446e2c28939753d3b62d34dfda49952b2557d kernel.org Patch 
https://git.kernel.org/stable/c/f71ce0ae5aefe39dd5b2f996c0e08550d2153ad2 kernel.org Patch 
https://git.kernel.org/stable/c/fe4a73c3dd48308149d57a10c2761e1d36ced7ba kernel.org Patch 

Weakness Enumeration

CWE-ID CWE Name Source
NVD-CWE-noinfo Insufficient Information cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2026-23434
NVD Published Date:
04/03/2026
NVD Last Modified:
04/23/2026
Source:
kernel.org