Description
In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: update file PMD counter before folio_put()

__split_huge_pmd_locked() updates the file/shmem RSS counter after
dropping the PMD mapping's folio reference. If folio_put() drops the last
reference, mm_counter_file() can later read freed folio state via
folio_test_swapbacked().

Move the counter update before folio_put().
Published: 2026-06-25
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw exists in the Linux kernel’s huge memory handling: the file or shared‑memory RSS counter is updated after the PMD mapping’s folio reference is released. If this folio is the last reference, the counter may read freed memory, allowing an attacker to observe or influence corrupted state. This can result in memory corruption, denial of service, or privilege escalation if escalated appropriately. The vulnerability is a classic Use‑After‑Free defect (CWE‑415).

Affected Systems

The issue affects the Linux kernel across all builds that include the original mm/huge_memory code path. No specific version range is listed in the available data, so any kernel revision where the bug resides is potentially vulnerable until patched. If your system uses a recent kernel, consult the vendor’s changelog to confirm whether the fix is present.

Risk and Exploitability

The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, because it is a kernel‑memory use‑after‑free, the potential impact is high, and the attack is presumed to require local or privileged access to allocate and manipulate huge pages. The lack of a CVSS score limits quantification, but the nature of the flaw suggests a serious risk if exploited. Periodic monitoring for kernel crashes or segfaults is advisable while a patch is pending.

Generated by OpenCVE AI on June 25, 2026 at 10:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that includes the patch which moves the PMD counter update before folio_put().
  • If an immediate kernel upgrade is not possible, enable additional kernel hardening features such as CONFIG_KASAN, CONFIG_DEBUG_RODATA, and enable any available mitigations that detect or prevent use‑after‑free in memory management paths.
  • After applying the patch or mitigations, reboot the system to ensure the new kernel image is fully active and verify that the memory‑corruption issue no longer triggers by checking for related errata or kernel logs.

Generated by OpenCVE AI on June 25, 2026 at 10:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-415

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: update file PMD counter before folio_put() __split_huge_pmd_locked() updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folio_put() drops the last reference, mm_counter_file() can later read freed folio state via folio_test_swapbacked(). Move the counter update before folio_put().
Title mm/huge_memory: update file PMD counter before folio_put()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:39:01.708Z

Reserved: 2026-06-09T07:44:35.390Z

Link: CVE-2026-53189

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T11:00:11Z

Weaknesses