CVE-2026-53189
HIGH
Published Jun 25, 2026
Modified Jun 30, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: update file PMD counter before folio_put() __split_huge_pmd_locked() updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folio_put() drops the last reference, mm_counter_file() can later read freed folio state via folio_test_swapbacked(). Move the counter update before folio_put().
CVSS v3.1 Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS — Exploit Prediction
0.0014
Probability of exploitation
0.04%
Percentile rank
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
References
Other References
https://git.kernel.org/stable/c/108963978a681c0c468d279cac2b930c27672877
https://git.kernel.org/stable/c/459771c9cf30f378bdbd30fc65d17f7eb931bb59
https://git.kernel.org/stable/c/5f5b604e1e6bde4e889199168ee80fe8306d06ad
https://git.kernel.org/stable/c/6c29a8ba084e89499ca77b947e07ae817f9c16ce
https://git.kernel.org/stable/c/84b3212b166b446faea27ebebb7161405ffceef9
https://git.kernel.org/stable/c/8d878059924f12c1bc24556a92ec56add74de3c8
https://git.kernel.org/stable/c/ae9d4caf6f133e884cf5fcda4982c493b35e5194
https://git.kernel.org/stable/c/ed5b030931292c94133437ac5e5ff580e498eabd
Frequently Asked Questions
What is CVE-2026-53189? +
In the Linux kernel, the following vulnerability has been resolved:
mm/huge_memory: update file PMD counter before folio_put()
__split_huge_pmd_locked() updates the file/shmem RSS counter after
dropping the PMD mapping's folio reference. If folio_put() drops the last
reference, mm_counter_file() can later read freed folio state via
folio_test_swapbacked().
Move the counter update before folio_put(). It has a CVSS v3.1 base score of 7.8 (HIGH).
How severe is CVE-2026-53189? +
CVE-2026-53189 has a CVSS v3.1 score of 7.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching. The EPSS score is 0.0014, placing it in the 0th percentile for exploitation probability.
How do I check if I'm vulnerable to CVE-2026-53189? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.