-

CVE-2025-71079

In the Linux kernel, the following vulnerability has been resolved:

net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write

A deadlock can occur between nfc_unregister_device() and rfkill_fop_write()
due to lock ordering inversion between device_lock and rfkill_global_mutex.

The problematic lock order is:

Thread A (rfkill_fop_write):
  rfkill_fop_write()
    mutex_lock(&rfkill_global_mutex)
      rfkill_set_block()
        nfc_rfkill_set_block()
          nfc_dev_down()
            device_lock(&dev->dev)    <- waits for device_lock

Thread B (nfc_unregister_device):
  nfc_unregister_device()
    device_lock(&dev->dev)
      rfkill_unregister()
        mutex_lock(&rfkill_global_mutex)  <- waits for rfkill_global_mutex

This creates a classic ABBA deadlock scenario.

Fix this by moving rfkill_unregister() and rfkill_destroy() outside the
device_lock critical section. Store the rfkill pointer in a local variable
before releasing the lock, then call rfkill_unregister() after releasing
device_lock.

This change is safe because rfkill_fop_write() holds rfkill_global_mutex
while calling the rfkill callbacks, and rfkill_unregister() also acquires
rfkill_global_mutex before cleanup. Therefore, rfkill_unregister() will
wait for any ongoing callback to complete before proceeding, and
device_del() is only called after rfkill_unregister() returns, preventing
any use-after-free.

The similar lock ordering in nfc_register_device() (device_lock ->
rfkill_global_mutex via rfkill_register) is safe because during
registration the device is not yet in rfkill_list, so no concurrent
rfkill operations can occur on this device.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 2e0831e9fc46a06daa6d4d8d57a2738e343130c3
Version 73a0d12114b4bc1a9def79a623264754b9df698e
Status affected
Version < e02a1c33f10a0ed3aba855ab8ae2b6c4c5be8012
Version 8a9c61c3ef187d8891225f9b932390670a43a0d3
Status affected
Version < ee41f4f3ccf8cd6ba3732e867abbec7e6d8d12e5
Version 3e3b5dfcd16a3e254aab61bd1e8c417dd4503102
Status affected
Version < 6b93c8ab6f6cda8818983a4ae3fcf84b023037b4
Version 3e3b5dfcd16a3e254aab61bd1e8c417dd4503102
Status affected
Version < 8fc4632fb508432895430cd02b38086bdd649083
Version 3e3b5dfcd16a3e254aab61bd1e8c417dd4503102
Status affected
Version < f3a8a7c1aa278f2378b2f3a10500c6674dffdfda
Version 3e3b5dfcd16a3e254aab61bd1e8c417dd4503102
Status affected
Version < 1ab526d97a57e44d26fadcc0e9adeb9c0c0182f5
Version 3e3b5dfcd16a3e254aab61bd1e8c417dd4503102
Status affected
Version 5ef16d2d172ee56714cff37cd005b98aba08ef5a
Status affected
Version ff169909eac9e00bf1aa0af739ba6ddfb1b1d135
Status affected
Version 47244ac0b65bd74cc70007d8e1bac68bd2baad19
Status affected
Version c45cea83e13699bdfd47842e04d09dd43af4c371
Status affected
Version 307d2e6cebfca9d92f86c8e2c8e3dd4a8be46ba6
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.16
Status affected
Version < 5.16
Version 0
Status unaffected
Version <= 5.10.*
Version 5.10.248
Status unaffected
Version <= 5.15.*
Version 5.15.198
Status unaffected
Version <= 6.1.*
Version 6.1.160
Status unaffected
Version <= 6.6.*
Version 6.6.120
Status unaffected
Version <= 6.12.*
Version 6.12.64
Status unaffected
Version <= 6.18.*
Version 6.18.4
Status unaffected
Version <= *
Version 6.19-rc4
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.088
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.