CVE-2026-31509
- Source
- https://cve.org/CVERecord?id=CVE-2026-31509
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31509.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-31509
- Downstream
- Published
- 2026-04-22T13:54:27.436Z
- Modified
- 2026-05-18T05:59:50.127607896Z
- Summary
- nfc: nci: fix circular locking dependency in nci_close_device
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: fix circular locking dependency in nciclosedevice
nciclosedevice() flushes rxwq and txwq while holding reqlock. This causes a circular locking dependency because ncirxwork() running on rxwq can end up taking req_lock too:
ncirxwork -> ncirxdatapacket -> ncidataexchangecomplete -> _skdestruct -> rawsockdestruct -> nfcdeactivatetarget -> ncideactivatetarget -> ncirequest -> mutexlock(&ndev->reqlock)
Move the flush of rxwq after reqlock has been released. This should safe (I think) because NCI_UP has already been cleared and the transport is closed, so the work will see it and return -ENETDOWN.
NIPA has been hitting this running the nci selftest with a debug kernel on roughly 4% of the runs.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31509.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/09143c0e8f3b03517e6233aad42f45c794d8df8e
- https://git.kernel.org/stable/c/1edc12d2bbcb7a8d0f1088e6fccb9d8c01bb1289
- https://git.kernel.org/stable/c/4527025d440ce84bf56e75ce1df2e84cb8178616
- https://git.kernel.org/stable/c/5eef9ebec7f5738f12cadede3545c05b34bf5ac3
- https://git.kernel.org/stable/c/7ed00a3edc8597fe2333f524401e2889aa1b5edf
- https://git.kernel.org/stable/c/ca54e904a071aa65ef3ad46ba42d51aaac6b73b4
- https://git.kernel.org/stable/c/d89b74bf08f067b55c03d7f999ba0a0e73177eb3
- https://git.kernel.org/stable/c/eb435d150ca74b4d40f77f1a2266f3636ed64a79
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31509.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-31509
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6a2968aaf50c7a22fced77a5e24aa636281efca8Fixed7ed00a3edc8597fe2333f524401e2889aa1b5edfFixed5eef9ebec7f5738f12cadede3545c05b34bf5ac3Fixedca54e904a071aa65ef3ad46ba42d51aaac6b73b4Fixedeb435d150ca74b4d40f77f1a2266f3636ed64a79Fixed1edc12d2bbcb7a8d0f1088e6fccb9d8c01bb1289Fixedd89b74bf08f067b55c03d7f999ba0a0e73177eb3Fixed09143c0e8f3b03517e6233aad42f45c794d8df8eFixed4527025d440ce84bf56e75ce1df2e84cb8178616
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.2.0Fixed5.10.253
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.203
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.168
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.131
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.80
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.21
- Type
- ECOSYSTEM
- Events
-
Introduced6.19.0Fixed6.19.11