CVE-2025-71079

In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write A deadlock can occur between nfc_unregister_device() and rfkill_fop_write() due to lock ordering inversion between device_lock and rfkill_global_mutex. The problematic lock order is: Thread A (rfkill_fop_write): rfkill_fop_write() mutex_lock(&rfkill_global_mutex) rfkill_set_block() nfc_rfkill_set_block() nfc_dev_down() device_lock(&dev->dev) <- waits for device_lock Thread B (nfc_unregister_device): nfc_unregister_device() device_lock(&dev->dev) rfkill_unregister() mutex_lock(&rfkill_global_mutex) <- waits for rfkill_global_mutex This creates a classic ABBA deadlock scenario. Fix this by moving rfkill_unregister() and rfkill_destroy() outside the device_lock critical section. Store the rfkill pointer in a local variable before releasing the lock, then call rfkill_unregister() after releasing device_lock. This change is safe because rfkill_fop_write() holds rfkill_global_mutex while calling the rfkill callbacks, and rfkill_unregister() also acquires rfkill_global_mutex before cleanup. Therefore, rfkill_unregister() will wait for any ongoing callback to complete before proceeding, and device_del() is only called after rfkill_unregister() returns, preventing any use-after-free. The similar lock ordering in nfc_register_device() (device_lock -> rfkill_global_mutex via rfkill_register) is safe because during registration the device is not yet in rfkill_list, so no concurrent rfkill operations can occur on this device.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1ab526d97a57e44d26fadcc0e9adeb9c0c0182f5	Patch
https://git.kernel.org/stable/c/2e0831e9fc46a06daa6d4d8d57a2738e343130c3	Patch
https://git.kernel.org/stable/c/6b93c8ab6f6cda8818983a4ae3fcf84b023037b4	Patch
https://git.kernel.org/stable/c/8fc4632fb508432895430cd02b38086bdd649083	Patch
https://git.kernel.org/stable/c/e02a1c33f10a0ed3aba855ab8ae2b6c4c5be8012	Patch
https://git.kernel.org/stable/c/ee41f4f3ccf8cd6ba3732e867abbec7e6d8d12e5	Patch
https://git.kernel.org/stable/c/f3a8a7c1aa278f2378b2f3a10500c6674dffdfda	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.16:-::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc8::::::

History

25 Mar 2026, 19:44

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/1ab526d97a57e44d26fadcc0e9adeb9c0c0182f5 -~~	() https://git.kernel.org/stable/c/1ab526d97a57e44d26fadcc0e9adeb9c0c0182f5 - Patch
References	~~() https://git.kernel.org/stable/c/2e0831e9fc46a06daa6d4d8d57a2738e343130c3 -~~	() https://git.kernel.org/stable/c/2e0831e9fc46a06daa6d4d8d57a2738e343130c3 - Patch
References	~~() https://git.kernel.org/stable/c/6b93c8ab6f6cda8818983a4ae3fcf84b023037b4 -~~	() https://git.kernel.org/stable/c/6b93c8ab6f6cda8818983a4ae3fcf84b023037b4 - Patch
References	~~() https://git.kernel.org/stable/c/8fc4632fb508432895430cd02b38086bdd649083 -~~	() https://git.kernel.org/stable/c/8fc4632fb508432895430cd02b38086bdd649083 - Patch
References	~~() https://git.kernel.org/stable/c/e02a1c33f10a0ed3aba855ab8ae2b6c4c5be8012 -~~	() https://git.kernel.org/stable/c/e02a1c33f10a0ed3aba855ab8ae2b6c4c5be8012 - Patch
References	~~() https://git.kernel.org/stable/c/ee41f4f3ccf8cd6ba3732e867abbec7e6d8d12e5 -~~	() https://git.kernel.org/stable/c/ee41f4f3ccf8cd6ba3732e867abbec7e6d8d12e5 - Patch
References	~~() https://git.kernel.org/stable/c/f3a8a7c1aa278f2378b2f3a10500c6674dffdfda -~~	() https://git.kernel.org/stable/c/f3a8a7c1aa278f2378b2f3a10500c6674dffdfda - Patch
CWE		CWE-667
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.19:rc8:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.16:-:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::

19 Jan 2026, 13:16

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/2e0831e9fc46a06daa6d4d8d57a2738e343130c3 - () https://git.kernel.org/stable/c/e02a1c33f10a0ed3aba855ab8ae2b6c4c5be8012 -

13 Jan 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-13 16:16

Updated : 2026-03-25 19:44

NVD link : CVE-2025-71079

Mitre link : CVE-2025-71079

CVE.ORG link : CVE-2025-71079

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-667

Improper Locking

5.5 /10