CVE-2025-71079 (CNNVD-202601-2188)
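Chinese title:
Linux kernel security vulnerability
English title:
net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write
Vulnerability description
Chinese description:
The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). The Linux kernel contains a security vulnerability that stems from a lock ordering inversion between nfc_unregister_device and rfkill_fop_write, which can lead to a deadlock.
English description: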
In the Linux kernel, the following vulnerability has been resolved:

net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write

A deadlock can occur between nfc_unregister_device() and rfkill_fop_write() due to lock ordering inversion between device_lock and rfkill_global_mutex.

The problematic lock order is:

    Thread A (rfkill_fop_write):
      rfkill_fop_write()
        mutex_lock(&rfkill_global_mutex)
          rfkill_set_block()
            nfc_rfkill_set_block()
              nfc_dev_down()
                device_lock(&dev->dev)    <- waits for device_lock

    Thread B (nfc_unregister_device):
      nfc_unregister_device()
        device_lock(&dev->dev)
          rfkill_unregister()
            mutex_lock(&rfkill_global_mutex)  <- waits for rfkill_global_mutex

This creates a classic ABBA deadlock scenario.

Fix this by moving rfkill_unregister() and rfkill_destroy() outside the device_lock critical section. Store the rfkill pointer in a local variable before releasing the lock, then call rfkill_unregister() after releasing device_lock.

This change is safe because rfkill_fop_write() holds rfkill_global_mutex while calling the rfkill callbacks, and rfkill_unregister() also acquires rfkill_global_mutex before cleanup. Therefore, rfkill_unregister() will wait for any ongoing callback to complete before proceeding, and device_del() is only called after rfkill_unregister() returns, preventing any use-after-free.

The similar lock ordering in nfc_register_device() (device_lock -> rfkill_global_mutex via rfkill_register) is safe because during registration the device is not yet in rfkill_list, so no concurrent rfkill operations can occur on this device.
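The lock-order argument above can be checked mechanically. The following is an added example, not kernel code and not part of the original advisory: a small user-space tracker in the spirit of lock-order validation that records which lock is taken while another is held and flags the ABBA inversion. The lock and function names come from the description; the tracker, `model_lock`, `model_unlock` and `abba_possible` are hypothetical.

```c
/* Added example: user-space model only; the tracker itself is hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
enum { RFKILL_GLOBAL_MUTEX, DEVICE_LOCK, NLOCKS };
static bool held[NLOCKS];         /* locks held by the path being traced */
static bool edge[NLOCKS][NLOCKS]; /* edge[a][b]: b taken while holding a */
static bool inversion;            /* both a->b and b->a were observed    */

static void model_lock(int l) {
    for (int h = 0; h < NLOCKS; h++) {
        if (!held[h]) continue;
        edge[h][l] = true;
        if (edge[l][h]) inversion = true; /* opposite order seen: ABBA */
    }
    held[l] = true;
}
static void model_unlock(int l) { held[l] = false; }

/* Thread A: rfkill_fop_write() -> ... -> nfc_dev_down() */
static void trace_rfkill_fop_write(void) {
    model_lock(RFKILL_GLOBAL_MUTEX);
    model_lock(DEVICE_LOCK);
    model_unlock(DEVICE_LOCK);
    model_unlock(RFKILL_GLOBAL_MUTEX);
}

/* Thread B: nfc_unregister_device(); fixed selects the patched ordering */
static void trace_nfc_unregister_device(bool fixed) {
    model_lock(DEVICE_LOCK);
    if (fixed) model_unlock(DEVICE_LOCK); /* rfkill pointer saved locally */
    model_lock(RFKILL_GLOBAL_MUTEX);      /* rfkill_unregister()          */
    model_unlock(RFKILL_GLOBAL_MUTEX);
    if (!fixed) model_unlock(DEVICE_LOCK);
}

/* True if the two traced paths take the locks in conflicting orders. */
bool abba_possible(bool fixed) {
    memset(held, 0, sizeof held);
    memset(edge, 0, sizeof edge);
    inversion = false;
    trace_rfkill_fop_write();
    trace_nfc_unregister_device(fixed);
    return inversion;
}

int main(void) {
    printf("before fix: %d, after fix: %d\n", abba_possible(false), abba_possible(true));
    return 0;
}
```

With the patched ordering, the unregister path never holds device_lock while taking rfkill_global_mutex, so no conflicting edge is recorded.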
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| Linux | Linux | 5ef16d2d172ee56714cff37cd005b98aba08ef5a | - | - | cpe:2.3:a:linux:linux:5ef16d2d172ee56714cff37cd005b98aba08ef5a:*:*:*:*:*:*:* |
| Linux | Linux | ff169909eac9e00bf1aa0af739ba6ddfb1b1d135 | - | - | cpe:2.3:a:linux:linux:ff169909eac9e00bf1aa0af739ba6ddfb1b1d135:*:*:*:*:*:*:* |
| Linux | Linux | 47244ac0b65bd74cc70007d8e1bac68bd2baad19 | - | - | cpe:2.3:a:linux:linux:47244ac0b65bd74cc70007d8e1bac68bd2baad19:*:*:*:*:*:*:* |
| Linux | Linux | c45cea83e13699bdfd47842e04d09dd43af4c371 | - | - | cpe:2.3:a:linux:linux:c45cea83e13699bdfd47842e04d09dd43af4c371:*:*:*:*:*:*:* |
| Linux | Linux | 307d2e6cebfca9d92f86c8e2c8e3dd4a8be46ba6 | - | - | cpe:2.3:a:linux:linux:307d2e6cebfca9d92f86c8e2c8e3dd4a8be46ba6:*:*:*:*:*:*:* |
| Linux | Linux | 73a0d12114b4bc1a9def79a623264754b9df698e | - | - | cpe:2.3:a:linux:linux:73a0d12114b4bc1a9def79a623264754b9df698e:*:*:*:*:*:*:* |
| Linux | Linux | 8a9c61c3ef187d8891225f9b932390670a43a0d3 | - | - | cpe:2.3:a:linux:linux:8a9c61c3ef187d8891225f9b932390670a43a0d3:*:*:*:*:*:*:* |
| Linux | Linux | 5.16 | - | - | cpe:2.3:a:linux:linux:5.16:*:*:*:*:*:*:* |
Solution
Chinese solution:
English solution:
Temporary solution:
CVSS score details
Time information
Exploitation information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2025-71079 | 2026-01-14 02:22:02 | 2026-01-14 06:08:12 |
| NVD | nvd_CVE-2025-71079 | 2026-01-14 03:00:13 | 2026-01-14 06:14:35 |
| CNNVD | cnnvd_CNNVD-202601-2188 | 2026-01-15 01:52:30 | 2026-01-15 01:53:19 |
Versions and languages
Security advisories
Change history
View detailed changes
- vulnerability_type: not extracted -> other
- severity: SeverityLevel.MEDIUM -> SeverityLevel.UNKNOWN
- cvss_score: not extracted -> 0.0
- cnnvd_id: not extracted -> CNNVD-202601-2188
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
View detailed changes
- data_sources: ['cve'] -> ['cve', 'nvd']