{"cve":{"cve_id":"CVE-2026-53207","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":null,"epss_percentile":null,"epss_as_of":null,"description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/memory-failure: fix hugetlb_lock AA deadlock in get_huge_page_for_hwpoison\n\nTwo concurrent madvise(MADV_HWPOISON) calls on the same hugetlb page can\ntrigger a recursive spinlock self-deadlock (AA deadlock) on hugetlb_lock\nwhen racing with a concurrent unmap:\n\n  thread#0                              thread#1\n  --------                              --------\n  madvise(folio, MADV_HWPOISON)\n    -> poisons the folio successfully\n  madvise(folio, MADV_HWPOISON)         unmap(folio)\n    try_memory_failure_hugetlb\n      get_huge_page_for_hwpoison\n        spin_lock_irq(&hugetlb_lock)    <- held\n        __get_huge_page_for_hwpoison\n          hugetlb_update_hwpoison()\n            -> MF_HUGETLB_FOLIO_PRE_POISONED\n          goto out:\n            folio_put()\n              refcount: 1 -> 0\n              free_huge_folio()\n                spin_lock_irqsave(&hugetlb_lock)\n                  -> AA DEADLOCK!\n\nThe out: path in __get_huge_page_for_hwpoison() calls folio_put() to drop\nthe GUP reference while the hugetlb_lock is still held by the hugetlb.c\nwrapper get_huge_page_for_hwpoison().  If concurrent unmap has released\nthe page table mapping reference, folio_put() drops the folio refcount to\nzero, triggering free_huge_folio() which attempts to re-acquire the\nnon-recursive hugetlb_lock.\n\nFix this by moving hugetlb_lock acquisition from the hugetlb.c wrapper\ninto get_huge_page_for_hwpoison().  Place spin_unlock_irq() before the\nfolio_put() at the out: label so the folio is always released outside the\nlock.\n\n[akpm@linux-foundation.org: fix race, rename label per Miaohe]","published_at":"2026-06-25T08:39:13.592000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":null,"nvd_references":["https://git.kernel.org/stable/c/fc3ff42cb0cbf947e4600ae9761c3783760050e2","https://git.kernel.org/stable/c/77b73b54801ae7137479c141fd0473a491c1dc48","https://git.kernel.org/stable/c/a33bfed648c10f5a1519981dbfad80841191edc8","https://git.kernel.org/stable/c/dd77a83915b07e2b0205adb284f08b39ae31dc4b","https://git.kernel.org/stable/c/bf7ba8f96c258c30393814491930ae4ecdc5fe5e","https://git.kernel.org/stable/c/3c2d42b8ee345b17a4ba56b0f6492d1ff4c1178e"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-28T17:55:28.590503Z","updated_at":"2026-06-28T23:30:51.545322Z"},"effective_severity":null,"badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"405ce051236cc65b30bbfe490b28ce60ae6aed85","version_start_inclusive":true,"version_end":"fc3ff42cb0cbf947e4600ae9761c3783760050e2","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:405ce051236cc65b30bbfe490b28ce60ae6aed85:fc3ff42cb0cbf947e4600ae9761c3783760050e2"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"405ce051236cc65b30bbfe490b28ce60ae6aed85","version_start_inclusive":true,"version_end":"77b73b54801ae7137479c141fd0473a491c1dc48","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:405ce051236cc65b30bbfe490b28ce60ae6aed85:77b73b54801ae7137479c141fd0473a491c1dc48"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"405ce051236cc65b30bbfe490b28ce60ae6aed85","version_start_inclusive":true,"version_end":"a33bfed648c10f5a1519981dbfad80841191edc8","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:405ce051236cc65b30bbfe490b28ce60ae6aed85:a33bfed648c10f5a1519981dbfad80841191edc8"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"405ce051236cc65b30bbfe490b28ce60ae6aed85","version_start_inclusive":true,"version_end":"dd77a83915b07e2b0205adb284f08b39ae31dc4b","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:405ce051236cc65b30bbfe490b28ce60ae6aed85:dd77a83915b07e2b0205adb284f08b39ae31dc4b"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"405ce051236cc65b30bbfe490b28ce60ae6aed85","version_start_inclusive":true,"version_end":"bf7ba8f96c258c30393814491930ae4ecdc5fe5e","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:405ce051236cc65b30bbfe490b28ce60ae6aed85:bf7ba8f96c258c30393814491930ae4ecdc5fe5e"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"405ce051236cc65b30bbfe490b28ce60ae6aed85","version_start_inclusive":true,"version_end":"3c2d42b8ee345b17a4ba56b0f6492d1ff4c1178e","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:405ce051236cc65b30bbfe490b28ce60ae6aed85:3c2d42b8ee345b17a4ba56b0f6492d1ff4c1178e"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"62d1655b922958826b7ec22682c3141746f75064","version_start_inclusive":true,"version_end":"62d1655b922958826b7ec22682c3141746f75064","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:62d1655b922958826b7ec22682c3141746f75064:62d1655b922958826b7ec22682c3141746f75064"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.15.54","version_start_inclusive":true,"version_end":"5.16","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:5.15.54:5.16"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.18","version_start_inclusive":true,"version_end":"5.18","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:5.18:5.18"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"0","version_start_inclusive":true,"version_end":"5.18","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:0:5.18"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.1.176","version_start_inclusive":true,"version_end":"6.1.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.1.176:6.1.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.6.143","version_start_inclusive":true,"version_end":"6.6.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.6.143:6.6.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.12.94","version_start_inclusive":true,"version_end":"6.12.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.12.94:6.12.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.18.36","version_start_inclusive":true,"version_end":"6.18.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.18.36:6.18.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.0.13","version_start_inclusive":true,"version_end":"7.0.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.0.13:7.0.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.1","version_start_inclusive":true,"version_end":"*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.1:*"}],"exploit_refs":[],"news":[],"references":[{"url":"https://git.kernel.org/stable/c/fc3ff42cb0cbf947e4600ae9761c3783760050e2","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/77b73b54801ae7137479c141fd0473a491c1dc48","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/a33bfed648c10f5a1519981dbfad80841191edc8","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/dd77a83915b07e2b0205adb284f08b39ae31dc4b","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/bf7ba8f96c258c30393814491930ae4ecdc5fe5e","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/3c2d42b8ee345b17a4ba56b0f6492d1ff4c1178e","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-06-25T08:39:13.592000Z","label":"CVE published","source":null}]}