CVE-2026-31509
Published: Apr 22, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking dependency in nci_close_device nci_close_device() flushes rx_wq and tx_wq while holding req_lock. This causes a circular locking dependency because nci_rx_work() running on rx_wq can end up taking req_lock too: nci_rx_work -> nci_rx_data_packet -> nci_data_exchange_complete -> __sk_destruct -> rawsock_destruct -> nfc_deactivate_target -> nci_deactivate_target -> nci_request -> mutex_lock(&ndev->req_lock) Move the flush of rx_wq after req_lock has been released. This should safe (I think) because NCI_UP has already been cleared and the transport is closed, so the work will see it and return -ENETDOWN. NIPA has been hitting this running the nci selftest with a debug kernel on roughly 4% of the runs.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 6a2968aaf50c7a22fced77a5e24aa636281efca8 - < 7ed00a3edc8597fe2333f524401e2889aa1b5edfaffected 6a2968aaf50c7a22fced77a5e24aa636281efca8 - < 5eef9ebec7f5738f12cadede3545c05b34bf5ac3affected 6a2968aaf50c7a22fced77a5e24aa636281efca8 - < ca54e904a071aa65ef3ad46ba42d51aaac6b73b4affected 6a2968aaf50c7a22fced77a5e24aa636281efca8 - < eb435d150ca74b4d40f77f1a2266f3636ed64a79affected 6a2968aaf50c7a22fced77a5e24aa636281efca8 - < 1edc12d2bbcb7a8d0f1088e6fccb9d8c01bb1289+3 more versions |
Linux | Linux | affected 3.2unaffected 0 - < 3.2unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.168 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now