CVE-2026-53189
Received Received - Intake
Linux Kernel PMD Counter Update Race Condition

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: update file PMD counter before folio_put() __split_huge_pmd_locked() updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folio_put() drops the last reference, mm_counter_file() can later read freed folio state via folio_test_swapbacked(). Move the counter update before folio_put().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-53189
EUVD
EUVD-2026-39280
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's memory management code related to huge pages. Specifically, the function __split_huge_pmd_locked() updates the file or shared memory RSS (Resident Set Size) counter after it has dropped the PMD (Page Middle Directory) mapping's folio reference. If the folio_put() function drops the last reference to the folio, the mm_counter_file() function may later read from a freed folio state via folio_test_swapbacked(), which can lead to incorrect memory accounting or potential use-after-free issues.

The fix involves moving the update of the counter to occur before calling folio_put(), ensuring that the counter is updated while the folio reference is still valid.

Impact Analysis

This vulnerability can lead to incorrect memory accounting in the Linux kernel, which might cause system instability or unexpected behavior in memory management. If the kernel reads freed memory state, it could potentially lead to use-after-free conditions, which in some cases might be exploitable to cause crashes or escalate privileges.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53189. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart