GHSA-f5hq-62qq-fgrwMediumCVSS 5.5

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock...

Published
April 3, 2026
Last Modified
July 14, 2026

🔗 CVE IDs covered (1)

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: serialize lock/unlock against other NAND operations

nand_lock() and nand_unlock() call into chip->ops.lock_area/unlock_area without holding the NAND device lock. On controllers that implement SET_FEATURES via multiple low-level PIO commands, these can race with concurrent UBI/UBIFS background erase/write operations that hold the device lock, resulting in cmd_pending conflicts on the NAND controller.

Add nand_get_device()/nand_release_device() around the lock/unlock operations to serialize them against all other NAND controller access.

🔗 References (12)