HOMEVULNERABILITIESCVE-2026-53342
NONE

CVE-2026-53342

Published: July 1, 2026· Updated: Jul 1, 2026

EPSS:0.15%probability of exploitation in 30 daysPercentile:5.0th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

arm64: mm: call pagetable dtor when freeing hot-removed page tables

Since 5e8eb9aeeda3 ("arm64: mm: always call PTE/PMD ctor in

__create_pgd_mapping()") page-table allocation on ARM64 always calls

pagetable_{pte,pmd,pud,p4d}_ctor(). This sets the page_type to

PGTY_table, increments NR_PAGETABLE and possible allocates a PTL. However

the matching pagetable_dtor() calls were never added.

With DEBUG_VM enabled on kernel versions prior to v6.17 without

2dfcd1608f3a9 ("mm/page_alloc: let page freeing clear any set page type")

this leads to the following warning when freeing these pages due to

page->page_type sharing page->_mapcount:

BUG: Bad page state in process ... pfn:284fbb

page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x284fbb

flags: 0x17fffc000000000(node=0|zone=2|lastcpupid=0x1ffff)

page_type: f2(table)

page dumped because: nonzero mapcount

Call trace:

bad_page+0x13c/0x160

__free_frozen_pages+0x6cc/0x860

___free_pages+0xf4/0x180

free_pages+0x54/0x80

free_hotplug_page_range.part.0+0x58/0x90

free_empty_tables+0x438/0x500

__remove_pgd_mapping.constprop.0+0x60/0xa8

arch_remove_memory+0x48/0x80

try_remove_memory+0x158/0x1d8

offline_and_remove_memory+0x138/0x180

It can also lead to leaking the ptl allocation if ALLOC_SPLIT_PTLOCKS is

defined and incorrect NR_PAGETABLE stats. Fix this by calling

pagetable_dtor() in free_hotplug_pgtable_page() prior to freeing the page

to undo the effects of calling pagetable_*_ctor().

NVD Source

Technical Analysis

CVE-2026-53342 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (3)

Quick Facts

CVE IDCVE-2026-53342
SeverityNONE
CISA KEVNo
EPSS (30d)0.15%
PublishedJul 1, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-53342 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.