CVE-2026-53189
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
In the Linux kernel, a vulnerability was found in __split_huge_pmd_locked() where the file/shmem RSS counter was updated after dropping the folio reference. If folio_put() released the last reference, subsequent reads of folio state by mm_counter_file() could access freed memory.
Risk Assessment
This vulnerability may cause reading invalid data from freed memory, potentially leading to system crashes or information disclosure.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit moving the counter update before folio_put()).
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: update file PMD counter before folio_put() __split_huge_pmd_locked() updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folio_put() drops the last reference, mm_counter_file() can later read freed folio state via folio_test_swapbacked(). Move the counter update before folio_put().

