CVE Catalog

CVE-2026-53189

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in __split_huge_pmd_locked() where the file/shmem RSS counter was updated after dropping the folio reference. If folio_put() released the last reference, subsequent reads of folio state by mm_counter_file() could access freed memory.

Risk Assessment

This vulnerability may cause reading invalid data from freed memory, potentially leading to system crashes or information disclosure.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit moving the counter update before folio_put()).

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: update file PMD counter before folio_put() __split_huge_pmd_locked() updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folio_put() drops the last reference, mm_counter_file() can later read freed folio state via folio_test_swapbacked(). Move the counter update before folio_put().

Vulnerability data from NVD (NIST) · CISA KEV · EPSS