PatchSiren

CVE-2026-53189 Linux CVE debrief

CVE-2026-53189 is a HIGH severity vulnerability (CVSS 7.8) that has been resolved in the Linux kernel. Before the fix, __split_huge_pmd_locked() updated the file/shmem RSS counter after folio_put() had dropped the PMD mapping's folio reference. If folio_put() drops the last reference, mm_counter_file() can later read freed folio state via folio_test_swapbacked(). The fix moves the counter update before folio_put(), so the file/shmem RSS counter is updated before the PMD mapping's folio reference is dropped. The vulnerability affects the Linux kernel, and defenders should review their systems for exposure. The CVE record and NVD detail provide further information on this vulnerability.

Vendor: Linux
Product: Unknown
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-25
Original CVE updated: 2026-06-28
Advisory published: 2026-06-25
Advisory updated: 2026-06-28

Who should care

Defenders responsible for Linux kernel-based systems should review their systems for exposure to CVE-2026-53189. The vulnerability has a HIGH severity score of 7.8 and affects the Linux kernel. Reviewing the CVE record and NVD detail can provide further information on this vulnerability.

Technical summary

CVE-2026-53189 is in the Linux kernel's huge-page handling, in the code that splits a PMD-level mapping. Before the fix, __split_huge_pmd_locked() updated the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folio_put() drops the last reference, the folio can be freed, and mm_counter_file() then reads freed folio state via folio_test_swapbacked() to choose which counter to adjust. The fix moves the counter update before folio_put(), so the file/shmem RSS counter is updated before the PMD mapping's folio reference is dropped.
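
The ordering problem described above, as an added example: a user-space model written for this page, not kernel source and not the upstream patch. The model_* names, the structs and the PMD_NR value are assumptions; the model marks the object as freed instead of calling free(), so the late read can be counted without undefined behaviour.

```c
/* User-space model, constructed for illustration; not kernel source. */
#include <stdbool.h>
#include <stdio.h>
enum { FILEPAGES, SHMEMPAGES, NR_COUNTERS };
#define PMD_NR 512 /* assumed: base pages per PMD mapping (4 KiB pages, 2 MiB PMD) */

struct folio_model { int refcount; bool swapbacked; bool freed; };
struct mm_model { long rss[NR_COUNTERS]; int stale_reads; };

/* Stand-in for folio_put(). On the last reference the model poisons the
 * object instead of calling free(), so the later read stays observable. */
static void model_folio_put(struct folio_model *f)
{
    if (--f->refcount == 0) {
        f->freed = true;
        f->swapbacked = false;
    }
}

/* Stand-in for mm_counter_file(): chooses the counter from folio state. */
static int model_counter_file(struct mm_model *mm, const struct folio_model *f)
{
    if (f->freed)
        mm->stale_reads++; /* state consulted after the last put */
    return f->swapbacked ? SHMEMPAGES : FILEPAGES;
}

/* Splits one shmem folio whose only reference is the PMD mapping. */
static struct mm_model run_split(bool fixed)
{
    struct mm_model mm = { .rss = { [SHMEMPAGES] = PMD_NR } };
    struct folio_model f = { .refcount = 1, .swapbacked = true };
    if (fixed) { /* counter first, while the reference is still held */
        mm.rss[model_counter_file(&mm, &f)] -= PMD_NR;
        model_folio_put(&f);
    } else {     /* pre-fix order: put first, then read folio state */
        model_folio_put(&f);
        mm.rss[model_counter_file(&mm, &f)] -= PMD_NR;
    }
    return mm;
}

int main(void)
{
    struct mm_model bad = run_split(false), good = run_split(true);
    printf("pre-fix: stale_reads=%d shmem_rss=%ld\n", bad.stale_reads, bad.rss[SHMEMPAGES]);
    printf("fixed:   stale_reads=%d shmem_rss=%ld\n", good.stale_reads, good.rss[SHMEMPAGES]);
    return 0;
}
```

In the model, the pre-fix order consults the folio once after its last reference is gone and leaves the shmem counter unadjusted; the fixed order performs no such read and brings the counter back to zero.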

Defensive priority

Defenders should prioritize reviewing their Linux kernel-based systems for exposure to CVE-2026-53189. The vulnerability has a HIGH severity score of 7.8 and affects the Linux kernel.

Recommended defensive actions

  • Review Linux kernel-based systems for exposure to CVE-2026-53189
  • Update to the latest Linux kernel version that includes the fix
  • Monitor system logs for potential exploitation attempts
  • Implement compensating controls to mitigate potential impact
  • Review and update incident response plans to address potential exploitation

Evidence notes

The CVE record and NVD detail provide further information on this vulnerability. The vulnerability has been resolved by updating the file PMD counter before folio_put() in __split_huge_pmd_locked(). The change ensures that the file/shmem RSS counter is updated before the PMD mapping's folio reference is dropped.

Official resources

This article is AI-assisted and based on the supplied source corpus.