CVE-2026-23434 in Kernel
요약 (영어)
In the Linux kernel, the following vulnerability has been resolved:
mtd: rawnand: serialize lock/unlock against other NAND operations
nand_lock() and nand_unlock() call into chip->ops.lock_area/unlock_area
without holding the NAND device lock. On controllers that implement
SET_FEATURES via multiple low-level PIO commands, these can race with
concurrent UBI/UBIFS background erase/write operations that hold the
device lock, resulting in cmd_pending conflicts on the NAND controller.
Add nand_get_device()/nand_release_device() around the lock/unlock
operations to serialize them against all other NAND controller access.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
책임이 있는
Linux
예약하다
2026. 01. 13.
공개
2026. 04. 03.
상태
확인됨
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 355114 | Linux Kernel mtd nand_lock 권한 상승 | 502 | 정의되지 않음 | 공식 수정 | CVE-2026-23434 |