CVE-2026-23434

High

Published: 03 April 2026

Modified: 27 April 2026
KEV Added
Patch
CVSS Score v3.1: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0003 (9.5th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-23434 is a high-severity vulnerability of unspecified weakness type in the Linux kernel. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Endpoint Denial of Service (T1499). The CVE ranks at the 9.5th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2026-23434 is a race condition vulnerability in the Linux kernel's MTD raw NAND subsystem. Specifically, the nand_lock() and nand_unlock() functions invoke chip->ops.lock_area/unlock_area without acquiring the NAND device lock. On controllers implementing SET_FEATURES through multiple low-level PIO commands, this allows races with concurrent UBI/UBIFS background erase or write operations that hold the device lock, leading to cmd_pending conflicts on the NAND controller. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).

A local attacker with low privileges can exploit this issue with low complexity and no user interaction required. Exploitation triggers the race condition during concurrent NAND operations, resulting in high integrity and high availability impacts, such as cmd_pending conflicts that disrupt controller access and potentially corrupt NAND operations.

Mitigation involves applying upstream kernel patches that wrap the lock/unlock operations with nand_get_device() and nand_release_device() calls to serialize them against all other NAND controller accesses. Relevant stable branch commits are available at https://git.kernel.org/stable/c/28ea836cc44cb8b89c1c174707ead0c1133c60e9, https://git.kernel.org/stable/c/5fd5c078af23cb353507aa522e09d557d7eaef04, https://git.kernel.org/stable/c/a80291e577b44593a724d6cd64c14337c78f194d, https://git.kernel.org/stable/c/bab2bc6e850a697a23b9e5f0e21bb8c187615e95, and https://git.kernel.org/stable/c/ce5229e78078e437704157eb542f43a6f83b429b.

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: serialize lock/unlock against other NAND operations

nand_lock() and nand_unlock() call into chip->ops.lock_area/unlock_area without holding the NAND device lock. On controllers that implement SET_FEATURES via multiple low-level PIO commands, these can race with concurrent UBI/UBIFS background erase/write operations that hold the device lock, resulting in cmd_pending conflicts on the NAND controller.

Add nand_get_device()/nand_release_device() around the lock/unlock operations to serialize them against all other NAND controller access.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1499 Endpoint Denial of Service Impact
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
T1565.001 Stored Data Manipulation Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

Race condition enables local triggering of NAND controller conflicts for availability disruption (DoS) and stored data corruption/manipulation on flash.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-57926 · Same product: Linux Linux Kernel
CVE-2026-31470 · Same product: Linux Linux Kernel
CVE-2026-31436 · Same product: Linux Linux Kernel
CVE-2026-22997 · Same product: Linux Linux Kernel
CVE-2026-31666 · Same product: Linux Linux Kernel
CVE-2026-31407 · Same product: Linux Linux Kernel
CVE-2026-31464 · Same product: Linux Linux Kernel
CVE-2026-23395 · Same product: Linux Linux Kernel
CVE-2025-71152 · Same product: Linux Linux Kernel
CVE-2026-31558 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
5.7, 7.0 · 5.7.1 — 5.10.253 · 5.11 — 5.15.203 · 5.16 — 6.1.167

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of the race condition flaw in Linux kernel MTD raw NAND by applying patches that serialize nand_lock/unlock with nand_get_device/release_device.

detect

Vulnerability scanning detects the unpatched kernel version vulnerable to NAND lock race conditions with concurrent UBI/UBIFS operations.

prevent

Establishes and enforces secure configuration settings for the Linux kernel, including patched versions that prevent cmd_pending conflicts in NAND controllers.
