PatchSiren cyber security CVE debrief
CVE-2026-52965 Linux CVE debrief
The Linux kernel was vulnerable to an infinite LRU walk on swapout failure in the drm/ttm module. This issue has been resolved by deferring del_bulk_move to the success path only. The vulnerability affected the Linux kernel's drm/ttm module, allowing for potential denial of service or privilege escalation. Linux kernel users and administrators should be aware of this vulnerability and take recommended actions to mitigate potential risks.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-24
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-06-24
- Advisory updated
- 2026-07-10
Who should care
Linux kernel users, administrators, and security teams should be aware of this vulnerability and take recommended actions to mitigate potential risks. Affected operators and platforms may be exposed to potential denial of service or privilege escalation attacks.
Technical summary
The drm/ttm module in the Linux kernel was vulnerable to an infinite LRU walk on swapout failure. When ttm_tt_swapout() fails, the current code calls ttm_resource_add_bulk_move() followed by ttm_resource_move_to_lru_tail() to restore the resource's bulk_move membership. However, ttm_resource_move_to_lru_tail() places the resource at the tail of the LRU list, which puts the resource in front of the hitch node. The next list_for_each_entry_continue() from the hitch finds the same resource again, causing an infinite loop. The fix defers del_bulk_move to the success path only, preventing the infinite loop and potential denial of service or privilege escalation attacks.
Defensive priority
Medium
Recommended defensive actions
- Apply the official patch or update the Linux kernel to the latest version
- Review and monitor system logs for potential exploitation attempts
- Implement compensating controls, such as restricting access to the affected system
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-06-24T17:17:06.937Z and last modified on 2026-07-10T19:23:34.427Z. The NVD entry is currently Awaiting Analysis. Linux kernel users should verify their deployments and review official advisories for affected scope and severity.
Official resources
-
CVE-2026-52965 CVE record
CVE.org
-
CVE-2026-52965 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-24T17:17:06.937Z and has not been modified since then. The NVD entry is currently Awaiting Analysis.