CVE-2026-31509

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nfc: nci: fix circular locking dependency in nci_close_device<br /> <br /> nci_close_device() flushes rx_wq and tx_wq while holding req_lock.<br /> This causes a circular locking dependency because nci_rx_work()<br /> running on rx_wq can end up taking req_lock too:<br /> <br /> nci_rx_work -&gt; nci_rx_data_packet -&gt; nci_data_exchange_complete<br /> -&gt; __sk_destruct -&gt; rawsock_destruct -&gt; nfc_deactivate_target<br /> -&gt; nci_deactivate_target -&gt; nci_request -&gt; mutex_lock(&amp;ndev-&gt;req_lock)<br /> <br /> Move the flush of rx_wq after req_lock has been released.<br /> This should safe (I think) because NCI_UP has already been cleared<br /> and the transport is closed, so the work will see it and return<br /> -ENETDOWN.<br /> <br /> NIPA has been hitting this running the nci selftest with a debug<br /> kernel on roughly 4% of the runs.