CVE-2026-53189

Source
https://cve.org/CVERecord?id=CVE-2026-53189
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53189.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53189
Downstream
Related
Published
2026-06-25T08:39:01.708Z
Modified
2026-07-08T08:09:46.733583629Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
mm/huge_memory: update file PMD counter before folio_put()
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/hugememory: update file PMD counter before folioput()

__splithugepmdlocked() updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folioput() drops the last reference, mmcounterfile() can later read freed folio state via foliotestswapbacked().

Move the counter update before folio_put().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53189.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fadae2953072e9005c5f1d64e1049edb043494dc
Fixed
84b3212b166b446faea27ebebb7161405ffceef9
Fixed
108963978a681c0c468d279cac2b930c27672877
Fixed
459771c9cf30f378bdbd30fc65d17f7eb931bb59
Fixed
ae9d4caf6f133e884cf5fcda4982c493b35e5194
Fixed
6c29a8ba084e89499ca77b947e07ae817f9c16ce
Fixed
5f5b604e1e6bde4e889199168ee80fe8306d06ad
Fixed
ed5b030931292c94133437ac5e5ff580e498eabd
Fixed
8d878059924f12c1bc24556a92ec56add74de3c8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53189.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.19.0
Fixed
5.10.259
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.210
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.176
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.143
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.94
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53189.json"