CVE-2026-53189 - Vulnerability Details

- mm/huge_memory: update file PMD counter before folio_put()

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: update file PMD counter before folio_put()

__split_huge_pmd_locked() updates the file/shmem RSS counter after
dropping the PMD mapping's folio reference. If folio_put() drops the last
reference, mm_counter_file() can later read freed folio state via
folio_test_swapbacked().

Move the counter update before folio_put().

Published: 2026-06-25

Score: 7.0 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`fadae2953072e9005c5f1d64e1049edb043494dc`	affected	< 84b3212b166b446faea27ebebb7161405ffceef9
`fadae2953072e9005c5f1d64e1049edb043494dc`	affected	< 108963978a681c0c468d279cac2b930c27672877
`fadae2953072e9005c5f1d64e1049edb043494dc`	affected	< 459771c9cf30f378bdbd30fc65d17f7eb931bb59
`fadae2953072e9005c5f1d64e1049edb043494dc`	affected	< ae9d4caf6f133e884cf5fcda4982c493b35e5194
`fadae2953072e9005c5f1d64e1049edb043494dc`	affected	< 6c29a8ba084e89499ca77b947e07ae817f9c16ce
`fadae2953072e9005c5f1d64e1049edb043494dc`	affected	< 5f5b604e1e6bde4e889199168ee80fe8306d06ad
`fadae2953072e9005c5f1d64e1049edb043494dc`	affected	< ed5b030931292c94133437ac5e5ff580e498eabd
`fadae2953072e9005c5f1d64e1049edb043494dc`	affected	< 8d878059924f12c1bc24556a92ec56add74de3c8

Linux

affected

Version	Status	Constraints
`4.19`	affected	—
`0`	unaffected	< 4.19
`5.10.259`	unaffected	≤ 5.10.*
`5.15.210`	unaffected	≤ 5.15.*
`6.1.176`	unaffected	≤ 6.1.*
`6.6.143`	unaffected	≤ 6.6.*
`6.12.94`	unaffected	≤ 6.12.*
`6.18.36`	unaffected	≤ 6.18.*
`7.0.13`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[fadae2953072e9005c5f1d64e1049edb043494dc,84b3212b166b446faea27ebebb7161405ffceef9)`	affected	code_commit	—
`[fadae2953072e9005c5f1d64e1049edb043494dc,108963978a681c0c468d279cac2b930c27672877)`	affected	code_commit	—
`[fadae2953072e9005c5f1d64e1049edb043494dc,459771c9cf30f378bdbd30fc65d17f7eb931bb59)`	affected	code_commit	—
`[fadae2953072e9005c5f1d64e1049edb043494dc,ae9d4caf6f133e884cf5fcda4982c493b35e5194)`	affected	code_commit	—
`[fadae2953072e9005c5f1d64e1049edb043494dc,6c29a8ba084e89499ca77b947e07ae817f9c16ce)`	affected	code_commit	—
`[fadae2953072e9005c5f1d64e1049edb043494dc,5f5b604e1e6bde4e889199168ee80fe8306d06ad)`	affected	code_commit	—
`[fadae2953072e9005c5f1d64e1049edb043494dc,ed5b030931292c94133437ac5e5ff580e498eabd)`	affected	code_commit	—
`[fadae2953072e9005c5f1d64e1049edb043494dc,8d878059924f12c1bc24556a92ec56add74de3c8)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`4.19`	affected	semver	—
`[0,4.19)`	unaffected	semver	—
`[5.10.259,5.11.0)`	unaffected	semver	—
`[5.15.210,5.16.0)`	unaffected	semver	—
`[6.1.176,6.2.0)`	unaffected	semver	—
`[6.6.143,6.7.0)`	unaffected	semver	—
`[6.12.94,6.13.0)`	unaffected	semver	—
`[6.18.36,6.19.0)`	unaffected	semver	—
`[7.0.13,7.1.0)`	unaffected	semver	—
`[7.1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00184.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/108963978a681c0c468d279cac2b930c27672877
https://git.kernel.org/stable/c/459771c9cf30f378bdbd30fc65d17f7eb931bb59
https://git.kernel.org/stable/c/5f5b604e1e6bde4e889199168ee80fe8306d06ad
https://git.kernel.org/stable/c/6c29a8ba084e89499ca77b947e07ae817f9c16ce
https://git.kernel.org/stable/c/84b3212b166b446faea27ebebb7161405ffceef9
https://git.kernel.org/stable/c/8d878059924f12c1bc24556a92ec56add74de3c8
https://git.kernel.org/stable/c/ae9d4caf6f133e884cf5fcda4982c493b35e5194
https://git.kernel.org/stable/c/ed5b030931292c94133437ac5e5ff580e498eabd
https://lore.kernel.org/linux-cve-announce/2026062557-CVE-2026-53189-1b4a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-53189
https://www.cve.org/CVERecord?id=CVE-2026-53189

History

Fri, 26 Jun 2026 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-415

Fri, 26 Jun 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-364
References		https://lore.kernel.org/linux-cve-announce/2026062557-CVE-2026-53189-1b4a@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-53189 https://www.cve.org/CVERecord?id=CVE-2026-53189
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Thu, 25 Jun 2026 11:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-415

Thu, 25 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: update file PMD counter before folio_put() __split_huge_pmd_locked() updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folio_put() drops the last reference, mm_counter_file() can later read freed folio state via folio_test_swapbacked(). Move the counter update before folio_put().
Title		mm/huge_memory: update file PMD counter before folio_put()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/108963978a681c0c468d279cac2b930c27672877 https://git.kernel.org/stable/c/459771c9cf30f378bdbd30fc65d17f7eb931bb59 https://git.kernel.org/stable/c/5f5b604e1e6bde4e889199168ee80fe8306d06ad https://git.kernel.org/stable/c/6c29a8ba084e89499ca77b947e07ae817f9c16ce https://git.kernel.org/stable/c/84b3212b166b446faea27ebebb7161405ffceef9 https://git.kernel.org/stable/c/8d878059924f12c1bc24556a92ec56add74de3c8 https://git.kernel.org/stable/c/ae9d4caf6f133e884cf5fcda4982c493b35e5194 https://git.kernel.org/stable/c/ed5b030931292c94133437ac5e5ff580e498eabd

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-25T08:39:01.708Z

Updated: 2026-06-25T08:39:01.708Z

Reserved: 2026-06-09T07:44:35.390Z

Link: CVE-2026-53189

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53189 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-26T18:00:06Z

Weaknesses

CWE-364

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object