{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53162", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.388Z", "datePublished": "2026-06-25T08:38:43.453Z", "dateUpdated": "2026-06-25T08:38:43.453Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-25T08:38:43.453Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: use round-robin victim selection in refill_stock\n\nHarry Yoo reported that get_random_u32_below() is not safe to call in the\nnmi context and memcg charge draining can happen in nmi context.\n\nMore specifically get_random_u32_below() is neither reentrant- nor\nNMI-safe: it acquires a per-cpu local_lock via local_lock_irqsave() on the\nbatched_entropy_u32 state. An NMI that lands on a CPU mid-update of the\nChaCha batch state and recurses into the random subsystem would corrupt\nthat state. The memcg_stock local_trylock prevents re-entry on the percpu\nstock itself, but cannot protect an unrelated subsystem's per-cpu lock.\n\nReplace the random pick with a per-cpu round-robin counter stored in\nmemcg_stock_pcp and serialized by the same local_trylock that already\nguards cached[] and nr_pages[]. No atomics, no random calls, no extra\nlocks needed."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/memcontrol.c"], "versions": [{"version": "f735eebe55f8f61758fe014bd0b02ab50b059e4d", "lessThan": "89bd8215e25aa6999cc51696da418e0d422bc5e0", "status": "affected", "versionType": "git"}, {"version": "f735eebe55f8f61758fe014bd0b02ab50b059e4d", "lessThan": "00731bd7e18f182a32ca54d6b176eaa470b51ed7", "status": "affected", "versionType": "git"}, {"version": "f735eebe55f8f61758fe014bd0b02ab50b059e4d", "lessThan": "c0cafe24d3f6534294c4b2bc2d47734ff7cbd313", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/memcontrol.c"], "versions": [{"version": "6.16", "status": "affected"}, {"version": "0", "lessThan": "6.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.36", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.13", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "6.18.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "7.0.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/89bd8215e25aa6999cc51696da418e0d422bc5e0"}, {"url": "https://git.kernel.org/stable/c/00731bd7e18f182a32ca54d6b176eaa470b51ed7"}, {"url": "https://git.kernel.org/stable/c/c0cafe24d3f6534294c4b2bc2d47734ff7cbd313"}], "title": "memcg: use round-robin victim selection in refill_stock", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: memcg: use round-robin victim selection in refill_stock", "id": "2492727", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492727"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-366", "details": ["A flaw was found in the Linux kernel's memory cgroup (memcg) subsystem. When a non-maskable interrupt (NMI) occurs during an update of the system's random number generation state, it can lead to corruption of that state. This issue can result in memory cgroup charge draining, potentially causing system instability or a denial of service."], "name": "CVE-2026-53162", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-53162\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-53162\nhttps://lore.kernel.org/linux-cve-announce/2026062550-CVE-2026-53162-477b@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f735eebe55f8f61758fe014bd0b02ab50b059e4d,89bd8215e25aa6999cc51696da418e0d422bc5e0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f735eebe55f8f61758fe014bd0b02ab50b059e4d,00731bd7e18f182a32ca54d6b176eaa470b51ed7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f735eebe55f8f61758fe014bd0b02ab50b059e4d,c0cafe24d3f6534294c4b2bc2d47734ff7cbd313)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.16"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.16)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.36,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.13,7.1.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-06-25T11:45:03.803486+00:00", "updated": "2026-06-26T16:30:03.429196+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}