CVE-2026-23434

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contained a flaw where nand lock() and nand unlock() functions did not hold the NAND device lock when calling chip->ops.lock area/unlock area. This could lead to race conditions with concurrent UBI/UBIFS background erase/write operations, causing cmd pending conflicts on the NAND controller, particularly on controllers using multiple PIO commands for SET FEATURES. The issue was addressed by adding nand get device() and nand release device() around the lock/unlock operations to serialize them against other NAND controller access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.