{"id":"CVE-2026-53189","summary":"mm/huge_memory: update file PMD counter before folio_put()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: update file PMD counter before folio_put()\n\n__split_huge_pmd_locked() updates the file/shmem RSS counter after\ndropping the PMD mapping's folio reference.  If folio_put() drops the last\nreference, mm_counter_file() can later read freed folio state via\nfolio_test_swapbacked().\n\nMove the counter update before folio_put().","modified":"2026-07-08T08:09:46.733583629Z","published":"2026-06-25T08:39:01.708Z","related":["CGA-jpq3-5ffc-6h52"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53189.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/108963978a681c0c468d279cac2b930c27672877"},{"type":"WEB","url":"https://git.kernel.org/stable/c/459771c9cf30f378bdbd30fc65d17f7eb931bb59"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5f5b604e1e6bde4e889199168ee80fe8306d06ad"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6c29a8ba084e89499ca77b947e07ae817f9c16ce"},{"type":"WEB","url":"https://git.kernel.org/stable/c/84b3212b166b446faea27ebebb7161405ffceef9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8d878059924f12c1bc24556a92ec56add74de3c8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ae9d4caf6f133e884cf5fcda4982c493b35e5194"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ed5b030931292c94133437ac5e5ff580e498eabd"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53189.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53189"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fadae2953072e9005c5f1d64e1049edb043494dc"},{"fixed":"84b3212b166b446faea27ebebb7161405ffceef9"},{"fixed":"108963978a681c0c468d279cac2b930c27672877"},{"fixed":"459771c9cf30f378bdbd30fc65d17f7eb931bb59"},{"fixed":"ae9d4caf6f133e884cf5fcda4982c493b35e5194"},{"fixed":"6c29a8ba084e89499ca77b947e07ae817f9c16ce"},{"fixed":"5f5b604e1e6bde4e889199168ee80fe8306d06ad"},{"fixed":"ed5b030931292c94133437ac5e5ff580e498eabd"},{"fixed":"8d878059924f12c1bc24556a92ec56add74de3c8"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53189.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.19.0"},{"fixed":"5.10.259"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.210"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.176"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.143"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.94"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.36"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.13"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53189.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}