{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-71079","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:30:19.648Z","datePublished":"2026-01-13T15:34:44.136Z","dateUpdated":"2026-05-11T21:54:19.898Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:54:19.898Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write\n\nA deadlock can occur between nfc_unregister_device() and rfkill_fop_write()\ndue to lock ordering inversion between device_lock and rfkill_global_mutex.\n\nThe problematic lock order is:\n\nThread A (rfkill_fop_write):\n  rfkill_fop_write()\n    mutex_lock(&rfkill_global_mutex)\n      rfkill_set_block()\n        nfc_rfkill_set_block()\n          nfc_dev_down()\n            device_lock(&dev->dev)    <- waits for device_lock\n\nThread B (nfc_unregister_device):\n  nfc_unregister_device()\n    device_lock(&dev->dev)\n      rfkill_unregister()\n        mutex_lock(&rfkill_global_mutex)  <- waits for rfkill_global_mutex\n\nThis creates a classic ABBA deadlock scenario.\n\nFix this by moving rfkill_unregister() and rfkill_destroy() outside the\ndevice_lock critical section. Store the rfkill pointer in a local variable\nbefore releasing the lock, then call rfkill_unregister() after releasing\ndevice_lock.\n\nThis change is safe because rfkill_fop_write() holds rfkill_global_mutex\nwhile calling the rfkill callbacks, and rfkill_unregister() also acquires\nrfkill_global_mutex before cleanup. Therefore, rfkill_unregister() will\nwait for any ongoing callback to complete before proceeding, and\ndevice_del() is only called after rfkill_unregister() returns, preventing\nany use-after-free.\n\nThe similar lock ordering in nfc_register_device() (device_lock ->\nrfkill_global_mutex via rfkill_register) is safe because during\nregistration the device is not yet in rfkill_list, so no concurrent\nrfkill operations can occur on this device."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/nfc/core.c"],"versions":[{"version":"73a0d12114b4bc1a9def79a623264754b9df698e","lessThan":"2e0831e9fc46a06daa6d4d8d57a2738e343130c3","status":"affected","versionType":"git"},{"version":"8a9c61c3ef187d8891225f9b932390670a43a0d3","lessThan":"e02a1c33f10a0ed3aba855ab8ae2b6c4c5be8012","status":"affected","versionType":"git"},{"version":"3e3b5dfcd16a3e254aab61bd1e8c417dd4503102","lessThan":"ee41f4f3ccf8cd6ba3732e867abbec7e6d8d12e5","status":"affected","versionType":"git"},{"version":"3e3b5dfcd16a3e254aab61bd1e8c417dd4503102","lessThan":"6b93c8ab6f6cda8818983a4ae3fcf84b023037b4","status":"affected","versionType":"git"},{"version":"3e3b5dfcd16a3e254aab61bd1e8c417dd4503102","lessThan":"8fc4632fb508432895430cd02b38086bdd649083","status":"affected","versionType":"git"},{"version":"3e3b5dfcd16a3e254aab61bd1e8c417dd4503102","lessThan":"f3a8a7c1aa278f2378b2f3a10500c6674dffdfda","status":"affected","versionType":"git"},{"version":"3e3b5dfcd16a3e254aab61bd1e8c417dd4503102","lessThan":"1ab526d97a57e44d26fadcc0e9adeb9c0c0182f5","status":"affected","versionType":"git"},{"version":"5ef16d2d172ee56714cff37cd005b98aba08ef5a","status":"affected","versionType":"git"},{"version":"ff169909eac9e00bf1aa0af739ba6ddfb1b1d135","status":"affected","versionType":"git"},{"version":"47244ac0b65bd74cc70007d8e1bac68bd2baad19","status":"affected","versionType":"git"},{"version":"c45cea83e13699bdfd47842e04d09dd43af4c371","status":"affected","versionType":"git"},{"version":"307d2e6cebfca9d92f86c8e2c8e3dd4a8be46ba6","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/nfc/core.c"],"versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","status":"unaffected","versionType":"semver"},{"version":"5.10.248","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.198","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.160","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.120","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.64","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.4","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.82","versionEndExcluding":"5.10.248"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.5","versionEndExcluding":"5.15.198"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.160"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.6.120"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.12.64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.18.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.293"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.291"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.256"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.218"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.162"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2e0831e9fc46a06daa6d4d8d57a2738e343130c3"},{"url":"https://git.kernel.org/stable/c/e02a1c33f10a0ed3aba855ab8ae2b6c4c5be8012"},{"url":"https://git.kernel.org/stable/c/ee41f4f3ccf8cd6ba3732e867abbec7e6d8d12e5"},{"url":"https://git.kernel.org/stable/c/6b93c8ab6f6cda8818983a4ae3fcf84b023037b4"},{"url":"https://git.kernel.org/stable/c/8fc4632fb508432895430cd02b38086bdd649083"},{"url":"https://git.kernel.org/stable/c/f3a8a7c1aa278f2378b2f3a10500c6674dffdfda"},{"url":"https://git.kernel.org/stable/c/1ab526d97a57e44d26fadcc0e9adeb9c0c0182f5"}],"title":"net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write","x_generator":{"engine":"bippy-1.2.0"}}}}