DEBIAN-CVE-2026-31509
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking dependency in nci_close_device nci_close_device() flushes rx_wq and tx_wq while holding req_lock. This causes a circular locking dependency because nci_rx_work() running on rx_wq can end up taking req_lock too: nci_rx_work -> nci_rx_data_packet -> nci_data_exchange_complete -> __sk_destruct -> rawsock_destruct -> nfc_deactivate_target -> nci_deactivate_target -> nci_request -> mutex_lock(&ndev->req_lock) Move the flush of rx_wq after req_lock has been released. This should safe (I think) because NCI_UP has already been cleared and the transport is closed, so the work will see it and return -ENETDOWN. NIPA has been hitting this running the nci selftest with a debug kernel on roughly 4% of the runs.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | linux | 6.12.41-1, 6.12.85-1, 6.12.74-2 |
| Debian:11 | linux | 5.16, *, 6.18.12-1 |
| Debian:11 | linux-6.1 | 0, 6.1.164-1, 6.1.162-1 |
| Debian:12 | linux | 6.1.52-1, 6.12.9-1+alpha, 6.13.2-1~exp1 |
| Debian:14 | linux | *, 6.17.13-1, 6.17.2-1~exp1 |
Timeline
- Apr 22, 2026 CVE Published
- May 2, 2026 CVE Updated