PatchSiren cyber security CVE debrief
CVE-2026-52949 Linux CVE debrief
A vulnerability was found in the Linux kernel, specifically in the drm/ttm module. The issue is related to an infinite LRU walk on backup failure in the ttm_bo_shrink() path. A fix has been applied, similar to the one used in ttm_bo_swapout(). The del_bulk_move operation is now moved from before the backup to after success only, using ttm_resource_del_bulk_move_unevictable(). This change prevents the infinite LRU walk and ensures that the resource becomes unevictable once fully backed up. Linux kernel users and administrators should be aware of this vulnerability and take necessary actions to protect their systems.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-24
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-06-24
- Advisory updated
- 2026-07-10
Who should care
Linux kernel users and administrators should be aware of this vulnerability and take necessary actions to protect their systems. This includes reviewing system configurations, ensuring that the drm/ttm module is properly configured, and monitoring system logs for any suspicious activity related to the drm/ttm module.
Technical summary
The vulnerability is in the drm/ttm module of the Linux kernel. Specifically, the ttm_bo_shrink() path was susceptible to an infinite LRU walk on backup failure. This issue has been addressed by applying a similar fix to the one used in ttm_bo_swapout(). The change involves moving the del_bulk_move operation from before the backup to after success only, utilizing ttm_resource_del_bulk_move_unevictable() since the resource becomes unevictable once fully backed up. This fix prevents the infinite LRU walk and ensures system stability.
Defensive priority
Medium
Recommended defensive actions
- Apply the official patch or update to the latest Linux kernel version.
- Review system configurations and ensure that the drm/ttm module is properly configured.
- Monitor system logs for any suspicious activity related to the drm/ttm module.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
Evidence notes
The CVE record was published on 2026-06-24T17:17:05.033Z and last modified on 2026-07-10T19:23:34.427Z. The NVD entry is currently Awaiting Analysis. The vulnerability was resolved in the Linux kernel. The fix involves moving the del_bulk_move operation from before the backup to after success only, utilizing ttm_resource_del_bulk_move_unevictable() since the resource becomes unevictable once fully backed up. This change was applied to the ttm_bo_shrink() path to prevent an infinite LRU walk on backup failure.
Official resources
-
CVE-2026-52949 CVE record
CVE.org
-
CVE-2026-52949 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-24T17:17:05.033Z and has not been modified since then. The NVD entry is currently Awaiting Analysis.