CVE-2026-53101

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7921: fix potential deadlock in mt7921_roc_abort_sync

roc_abort_sync() can deadlock with roc_work(). roc_work() holds dev->mt76.mutex, while cancel_work_sync() waits for roc_work() to finish. If the caller already owns the same mutex, both sides block and no progress is possible.

This deadlock can occur during station removal when mt76_sta_state() -> mt76_sta_remove() -> mt7921_mac_sta_remove() -> mt7921_roc_abort_sync() invokes cancel_work_sync() while roc_work() is still running and holding dev->mt76.mutex.

This avoids the mutex deadlock and preserves exactly-once work ownership.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux352d966126e66d825244f1185eb9f2d904c83dd4 < b4faaa617af3f4173e64169b0ec1af8f9c5bca10affected
LinuxLinux352d966126e66d825244f1185eb9f2d904c83dd4 < 35180c772f5e11e2fa4d80d3dfd50906cb6d9646affected
LinuxLinux352d966126e66d825244f1185eb9f2d904c83dd4 < 91e77840bf13de3add125060cf8b32ca24a52c8caffected
LinuxLinux352d966126e66d825244f1185eb9f2d904c83dd4 < d5059e52fd8bc624ec4255c9fa01a266513d126baffected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.12.95 <= 6.12.*unaffected
LinuxLinux6.18.33 <= 6.18.*unaffected
LinuxLinux7.0.10 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References