Description
In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: update file PMD counter before folio_put()

__split_huge_pmd_locked() updates the file/shmem RSS counter after
dropping the PMD mapping's folio reference. If folio_put() drops the last
reference, mm_counter_file() can later read freed folio state via
folio_test_swapbacked().

Move the counter update before folio_put().
Published: 2026-06-25
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw exists in the handling of huge page memory in the Linux kernel. The function __split_huge_pmd_locked() updates the file or shared‑memory resident set size counter after dropping the reference to the page map entry (folio). If the folio_put() that removes the last reference frees the memory, the subsequent counter update can read the memory state after it has already been released, resulting in a use‑after‑free condition that can corrupt kernel memory. This weakness is categorized as CWE‑364.

Affected Systems

All Linux kernel builds that contain the legacy mm/huge_memory code path and have not yet applied the commit that moves the PMD counter update before the folio_put() are affected. No specific version numbers are listed, so any kernel with the vulnerable code can be susceptible. The affected vendor is Linux, and the product is the Linux kernel.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, while the EPSS < 1% shows a low probability of widespread exploitation. The CVE is not listed in CISA’s KEV catalog. The description does not specify the required access level; it is inferred that local or privileged access would be needed to manipulate huge‑page structures for the exploit to succeed.

Generated by OpenCVE AI on June 28, 2026 at 14:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that contains the commit moving the PMD counter update before folio_put().
  • Reboot the system so the new kernel image is actively running.
  • If immediate update is not possible, consider disabling transparent huge pages or avoiding huge‑page allocations until the patch is applied.

Generated by OpenCVE AI on June 28, 2026 at 14:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4664-1 linux security update
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 26 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-415

Fri, 26 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-364
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Thu, 25 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-415

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: update file PMD counter before folio_put() __split_huge_pmd_locked() updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folio_put() drops the last reference, mm_counter_file() can later read freed folio state via folio_test_swapbacked(). Move the counter update before folio_put().
Title mm/huge_memory: update file PMD counter before folio_put()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:40:05.635Z

Reserved: 2026-06-09T07:44:35.390Z

Link: CVE-2026-53189

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53189 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T14:30:07Z

Weaknesses
  • CWE-364

    Signal Handler Race Condition