HOMEVULNERABILITIESCVE-2026-53154
NONE

CVE-2026-53154

Published: June 25, 2026· Updated: Jun 30, 2026

EPSS:0.17%probability of exploitation in 30 daysPercentile:6.4th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

mm/hugetlb: restore reservation on error in hugetlb folio copy paths

Two sites in mm/hugetlb.c allocate a hugetlb folio via

alloc_hugetlb_folio() (consuming a VMA reservation) and then call

copy_user_large_folio(), which became int-returning in commit 1cb9dc4b475c

("mm: hwpoison: support recovery from HugePage copy-on-write faults") and

can now fail (e.g. -EHWPOISON on a hwpoisoned source page). On the

failure path, folio_put() restores the global hugetlb pool count through

free_huge_folio(), but the per-VMA reservation map entry is left marked

consumed:

- hugetlb_mfill_atomic_pte() resubmission path (UFFDIO_COPY)

- copy_hugetlb_page_range() fork-time CoW path when

hugetlb_try_dup_anon_rmap() fails (rare: pinned hugetlb anon

folio under fork)

User-visible effect: on UFFDIO_COPY into a private hugetlb VMA where the

resubmission copy fails, the reservation for that address is leaked from

the VMA's reserve map. A subsequent fault at the same address takes the

no-reservation path, and under hugetlb pool pressure the task is SIGBUSed

at an address it had previously reserved. The fork-time CoW path leaks

the same way in the child VMA's reserve map, though it requires the much

rarer combination of pinned hugetlb anon page + hwpoisoned source.

Add the missing restore_reserve_on_error() call before folio_put() on both

error paths.

NVD Source

Technical Analysis

CVE-2026-53154 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (5)

Quick Facts

CVE IDCVE-2026-53154
SeverityNONE
CISA KEVNo
EPSS (30d)0.17%
PublishedJun 25, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-53154 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.