5.5

CVE-2025-71079

net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write

In the Linux kernel, the following vulnerability has been resolved:

net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write

A deadlock can occur between nfc_unregister_device() and rfkill_fop_write()
due to lock ordering inversion between device_lock and rfkill_global_mutex.

The problematic lock order is:

Thread A (rfkill_fop_write):
  rfkill_fop_write()
    mutex_lock(&rfkill_global_mutex)
      rfkill_set_block()
        nfc_rfkill_set_block()
          nfc_dev_down()
            device_lock(&dev->dev)    <- waits for device_lock

Thread B (nfc_unregister_device):
  nfc_unregister_device()
    device_lock(&dev->dev)
      rfkill_unregister()
        mutex_lock(&rfkill_global_mutex)  <- waits for rfkill_global_mutex

This creates a classic ABBA deadlock scenario.

Fix this by moving rfkill_unregister() and rfkill_destroy() outside the
device_lock critical section. Store the rfkill pointer in a local variable
before releasing the lock, then call rfkill_unregister() after releasing
device_lock.

This change is safe because rfkill_fop_write() holds rfkill_global_mutex
while calling the rfkill callbacks, and rfkill_unregister() also acquires
rfkill_global_mutex before cleanup. Therefore, rfkill_unregister() will
wait for any ongoing callback to complete before proceeding, and
device_del() is only called after rfkill_unregister() returns, preventing
any use-after-free.

The similar lock ordering in nfc_register_device() (device_lock ->
rfkill_global_mutex via rfkill_register) is safe because during
registration the device is not yet in rfkill_list, so no concurrent
rfkill operations can occur on this device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.4.293 < 4.5
LinuxLinux Kernel Version >= 4.9.291 < 4.10
LinuxLinux Kernel Version >= 4.14.256 < 4.15
LinuxLinux Kernel Version >= 4.19.218 < 4.20
LinuxLinux Kernel Version >= 5.4.162 < 5.5
LinuxLinux Kernel Version >= 5.10.82 < 5.10.248
LinuxLinux Kernel Version >= 5.15.5 < 5.15.198
LinuxLinux Kernel Version >= 5.16.1 < 6.1.160
LinuxLinux Kernel Version >= 6.2 < 6.6.120
LinuxLinux Kernel Version >= 6.7 < 6.12.64
LinuxLinux Kernel Version >= 6.13 < 6.18.4
LinuxLinux Kernel Version5.16 Update-
LinuxLinux Kernel Version6.19 Updaterc1
LinuxLinux Kernel Version6.19 Updaterc2
LinuxLinux Kernel Version6.19 Updaterc3
LinuxLinux Kernel Version6.19 Updaterc4
LinuxLinux Kernel Version6.19 Updaterc5
LinuxLinux Kernel Version6.19 Updaterc6
LinuxLinux Kernel Version6.19 Updaterc7
LinuxLinux Kernel Version6.19 Updaterc8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.005
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.kernel.org/stable/c/ee41f4f3ccf8cd6ba3732e867abbec7e6d8d12e5
Patch
https://git.kernel.org/stable/c/6b93c8ab6f6cda8818983a4ae3fcf84b023037b4
Patch
https://git.kernel.org/stable/c/8fc4632fb508432895430cd02b38086bdd649083
Patch
https://git.kernel.org/stable/c/f3a8a7c1aa278f2378b2f3a10500c6674dffdfda
Patch
https://git.kernel.org/stable/c/1ab526d97a57e44d26fadcc0e9adeb9c0c0182f5
Patch
https://git.kernel.org/stable/c/2e0831e9fc46a06daa6d4d8d57a2738e343130c3
Patch
https://git.kernel.org/stable/c/e02a1c33f10a0ed3aba855ab8ae2b6c4c5be8012
Patch