CVE-2026-53342
Received Received - Intake

Memory Leak in Linux Kernel Page Table Handling

Vulnerability report for CVE-2026-53342, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: arm64: mm: call pagetable dtor when freeing hot-removed page tables Since 5e8eb9aeeda3 ("arm64: mm: always call PTE/PMD ctor in __create_pgd_mapping()") page-table allocation on ARM64 always calls pagetable_{pte,pmd,pud,p4d}_ctor(). This sets the page_type to PGTY_table, increments NR_PAGETABLE and possible allocates a PTL. However the matching pagetable_dtor() calls were never added. With DEBUG_VM enabled on kernel versions prior to v6.17 without 2dfcd1608f3a9 ("mm/page_alloc: let page freeing clear any set page type") this leads to the following warning when freeing these pages due to page->page_type sharing page->_mapcount: BUG: Bad page state in process ... pfn:284fbb page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x284fbb flags: 0x17fffc000000000(node=0|zone=2|lastcpupid=0x1ffff) page_type: f2(table) page dumped because: nonzero mapcount Call trace: bad_page+0x13c/0x160 __free_frozen_pages+0x6cc/0x860 ___free_pages+0xf4/0x180 free_pages+0x54/0x80 free_hotplug_page_range.part.0+0x58/0x90 free_empty_tables+0x438/0x500 __remove_pgd_mapping.constprop.0+0x60/0xa8 arch_remove_memory+0x48/0x80 try_remove_memory+0x158/0x1d8 offline_and_remove_memory+0x138/0x180 It can also lead to leaking the ptl allocation if ALLOC_SPLIT_PTLOCKS is defined and incorrect NR_PAGETABLE stats. Fix this by calling pagetable_dtor() in free_hotplug_pgtable_page() prior to freeing the page to undo the effects of calling pagetable_*_ctor().

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-01
Last Modified
2026-07-01
Generated
2026-07-01
AI Q&A
2026-07-01
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel to 6.17 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel on ARM64 architectures related to page table management. Specifically, when page tables are allocated, constructors (pagetable_ctor) are called to set up page types and increment counters. However, the corresponding destructors (pagetable_dtor) were not called when freeing these page tables. This omission causes incorrect page state and warnings during memory freeing operations, and can lead to resource leaks and incorrect statistics.

Impact Analysis

The impact of this vulnerability includes potential kernel warnings and errors due to bad page states, which can cause instability or crashes during memory management operations. It can also lead to leaking of page table lock allocations and incorrect page table statistics, potentially degrading system performance or causing resource exhaustion over time.

Detection Guidance

This vulnerability manifests as a kernel warning related to bad page state when freeing hot-removed page tables on ARM64 systems with DEBUG_VM enabled. The warning message includes details such as 'BUG: Bad page state in process ... pfn:284fbb' and a call trace involving functions like bad_page, __free_frozen_pages, and free_hotplug_page_range.

To detect this vulnerability on your system, you should monitor your kernel logs (e.g., using dmesg or journalctl) for such warnings indicating bad page states and call traces related to page freeing operations.

Suggested commands to check for these signs include:

  • dmesg | grep -i 'BUG: Bad page state'
  • journalctl -k | grep -i 'BUG: Bad page state'
  • journalctl -k | grep -i 'free_hotplug_page_range'
  • Check for memory hotplug events or errors related to page table freeing in kernel logs.
Mitigation Strategies

The vulnerability is fixed by ensuring that the pagetable destructor (pagetable_dtor) is called when freeing hot-removed page tables on ARM64 systems. This prevents bad page states and memory leaks.

Immediate mitigation steps include:

  • Update your Linux kernel to version 6.17 or later, where this issue has been resolved.
  • If updating is not immediately possible, enable DEBUG_VM to monitor for the warning messages and avoid hot-removing memory on affected ARM64 systems.
  • Avoid defining ALLOC_SPLIT_PTLOCKS if possible, as it may exacerbate the issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53342. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart