Impact
The flaw exists in the handling of huge page memory in the Linux kernel. The function __split_huge_pmd_locked() updates the file or shared‑memory resident set size counter after dropping the reference to the page map entry (folio). If the folio_put() that removes the last reference frees the memory, the subsequent counter update can read the memory state after it has already been released, resulting in a use‑after‑free condition that can corrupt kernel memory. This weakness is categorized as CWE‑364.
Affected Systems
All Linux kernel builds that contain the legacy mm/huge_memory code path and have not yet applied the commit that moves the PMD counter update before the folio_put() are affected. No specific version numbers are listed, so any kernel with the vulnerable code can be susceptible. The affected vendor is Linux, and the product is the Linux kernel.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity, while the EPSS < 1% shows a low probability of widespread exploitation. The CVE is not listed in CISA’s KEV catalog. The description does not specify the required access level; it is inferred that local or privileged access would be needed to manipulate huge‑page structures for the exploit to succeed.
OpenCVE Enrichment
Debian DLA