In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: update file PMD counter before folio_put()

__split_huge_pmd_locked() updates the file/shmem RSS counter after
dropping the PMD mapping's folio reference. If folio_put() drops the last
reference, mm_counter_file() can later read freed folio state via
folio_test_swapbacked().

Move the counter update before folio_put().

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00184.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
fadae2953072e9005c5f1d64e1049edb043494dc affected < 84b3212b166b446faea27ebebb7161405ffceef9
fadae2953072e9005c5f1d64e1049edb043494dc affected < 108963978a681c0c468d279cac2b930c27672877
fadae2953072e9005c5f1d64e1049edb043494dc affected < 459771c9cf30f378bdbd30fc65d17f7eb931bb59
fadae2953072e9005c5f1d64e1049edb043494dc affected < ae9d4caf6f133e884cf5fcda4982c493b35e5194
fadae2953072e9005c5f1d64e1049edb043494dc affected < 6c29a8ba084e89499ca77b947e07ae817f9c16ce
fadae2953072e9005c5f1d64e1049edb043494dc affected < 5f5b604e1e6bde4e889199168ee80fe8306d06ad
fadae2953072e9005c5f1d64e1049edb043494dc affected < ed5b030931292c94133437ac5e5ff580e498eabd
fadae2953072e9005c5f1d64e1049edb043494dc affected < 8d878059924f12c1bc24556a92ec56add74de3c8
Linux Linux affected
Version Status Constraints
4.19 affected
0 unaffected < 4.19
5.10.259 unaffected ≤ 5.10.*
5.15.210 unaffected ≤ 5.15.*
6.1.176 unaffected ≤ 6.1.*
6.6.143 unaffected ≤ 6.6.*
6.12.94 unaffected ≤ 6.12.*
6.18.36 unaffected ≤ 6.18.*
7.0.13 unaffected ≤ 7.0.*
7.1 unaffected ≤ *

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux Subscribe
Linux Kernel Subscribe

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/108963978a681c0c468d279cac2b930c27672877 cve-icon
https://git.kernel.org/stable/c/459771c9cf30f378bdbd30fc65d17f7eb931bb59 cve-icon
https://git.kernel.org/stable/c/5f5b604e1e6bde4e889199168ee80fe8306d06ad cve-icon
https://git.kernel.org/stable/c/6c29a8ba084e89499ca77b947e07ae817f9c16ce cve-icon
https://git.kernel.org/stable/c/84b3212b166b446faea27ebebb7161405ffceef9 cve-icon
https://git.kernel.org/stable/c/8d878059924f12c1bc24556a92ec56add74de3c8 cve-icon
https://git.kernel.org/stable/c/ae9d4caf6f133e884cf5fcda4982c493b35e5194 cve-icon
https://git.kernel.org/stable/c/ed5b030931292c94133437ac5e5ff580e498eabd cve-icon
History

Thu, 25 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-415

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: update file PMD counter before folio_put() __split_huge_pmd_locked() updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folio_put() drops the last reference, mm_counter_file() can later read freed folio state via folio_test_swapbacked(). Move the counter update before folio_put().
Title mm/huge_memory: update file PMD counter before folio_put()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:39:01.708Z

Reserved: 2026-06-09T07:44:35.390Z

Link: CVE-2026-53189

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T15:45:05Z

Weaknesses