Circular Locking Dependency in Linux Kernel NFC Component
CVE-2026-31509

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-31509?

A circular locking dependency has been identified in the NFC component of the Linux kernel, specifically during the execution of the nci_close_device function. This occurs when both rx_wq and tx_wq are flushed while holding the req_lock, which can lead to the function nci_rx_work acquiring req_lock while it is still held. The issue has been observed during nci selftests with a debug kernel, affecting about 4% of test runs. To mitigate this, the flush of rx_wq should occur after the req_lock has been released to prevent this deadlock situation.

Affected Version(s)

Linux 6a2968aaf50c7a22fced77a5e24aa636281efca8 < 7ed00a3edc8597fe2333f524401e2889aa1b5edf

Linux 6a2968aaf50c7a22fced77a5e24aa636281efca8 < 5eef9ebec7f5738f12cadede3545c05b34bf5ac3

Linux 6a2968aaf50c7a22fced77a5e24aa636281efca8

References

https://git.kernel.org/stable/c/7ed00a3edc8597fe2333f5244...

https://git.kernel.org/stable/c/5eef9ebec7f5738f12cadede3...

https://git.kernel.org/stable/c/ca54e904a071aa65ef3ad46ba...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31509 Data

JSON