CVE-2026-53155 Vulnerability Analysis & Exploit Details

CVE-2026-53155
Vulnerability Scoring

5.5
/10
Significant Risk

Security assessments indicate that CVE-2026-53155 presents a notable risk, potentially requiring prompt mitigation.

Attack Complexity Details

  • Attack Complexity: Low
    Exploits can be performed without significant complexity or special conditions.
  • Attack Vector: Local
    Vulnerability requires local system access.
  • Privileges Required: Low
    Some privileges are necessary to exploit the vulnerability.
  • Scope: Unchanged
    Exploit remains within the originally vulnerable component.
  • User Interaction: None
    No user interaction is necessary for exploitation.

CVE-2026-53155 Details

Status: Analyzed

Last updated: 🕗 07 Jul 2026, 20:10 UTC
Originally published on: 🕘 25 Jun 2026, 09:16 UTC

Time between publication and last update: 12 days

CVSS Release: version 3

CVSS3 Source

nvd@nist.gov

CVSS3 Type

Primary

CVSS3 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2026-53155 Vulnerability Summary

CVE-2026-53155: In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: use correct flags for device private PMD entry Commit 65edfda6f3f2 ("mm/rmap: extend rmap and migration support device-private entries") updated set_pmd_migration_entry() to use pmdp_huge_get_and_clear() in the softleaf case, but made no further adjustments to the function itself. Therefore this function continues to incorrectly use pmd_write(), pmd_soft_dirty() and pmd_uffd_wp() to determine whether the installed migration entry should be marked writable, softdirty or uffd-wp respectively. Whilst all are incorrect, the most problematic of these is pmd_write(), as this can lead to corrupted rmap state. On x86-64 _PAGE_SWP_SOFT_DIRTY is aliased to _PAGE_RW. So calling pmd_write() on a softleaf will return the softdirty state encoded in the entry, assuming CONFIG_MEM_SOFT_DIRTY was enabled. This was observed when running the hmm.hmm_device_private.anon_write_child selftest: 1. The test faults in a range then migrates it such that a device-private THP range is established. 2. The parent then migrates it to a device-private writable PMD entry whose folio is entirely AnonExclusive with entire_mapcount=1, softdirty set (accidentally correct write state). 3. The parent forks and the PMD entries are set to device-private read only entries, entire_mapcount=2, softdirty still set. 4. [BUG] The child writes to the range then migrates to RAM - intending to install non-writable migration entries - but replacing parent and child PMD mappings with WRITABLE entries due to misinterpreting the softdirty bit. 5. In remove_migration_pmd(), if !softleaf_is_migration_read(entry) we set the RMAP_EXCLUSIVE flag when calling folio_add_anon_rmap_pmd() for both parent and child, which are therefore AnonExclusive. 6. [SPLAT] Child sets migrated folio entire_mapcount=1, parent sets entire_mapcount=2 and we end up with an AnonExclusive folio with entire_mapcount=2! Assert fires in __folio_add_anon_rmap(): VM_WARN_ON_FOLIO(folio_test_large(folio) && folio_entire_mapcount(folio) > 1 && PageAnonExclusive(cur_page), folio) This patch fixes the issue by correctly referencing the softleaf entry fields for writable, softdirty and uffd-wp in set_pmd_migration_entry(). It also only updates A/D flags if the entry is present as these are otherwise not meaningful for a softleaf entry. This patch also flips the if (!present) { ... } else { ... } logic in set_pmd_migration_entry() so it is easier to understand, and adds some comments to make things clearer. I was able to bisect this to commit 775465fd26a3 ("lib/test_hmm: add zone device private THP test infrastructure") which first exposes this bug as it was the commit that permitted test_hmm to generate the test. However commit 65edfda6f3f2 ("mm/rmap: extend rmap and migration support device-private entries") is the commit that actually enabled this behaviour.

Assessing the Risk of CVE-2026-53155

Access Complexity Graph

The exploitability of CVE-2026-53155 depends on two key factors: attack complexity (the level of effort required to execute an exploit) and privileges required (the access level an attacker needs).

Exploitability Analysis for CVE-2026-53155

CVE-2026-53155 presents an accessible attack vector with minimal effort required. Restricting access controls and implementing security updates are critical to reducing exploitation risks.

Understanding AC and PR

A lower complexity and fewer privilege requirements make exploitation easier. Security teams should evaluate these aspects to determine the urgency of mitigation strategies, such as patch management and access control policies.

Attack Complexity (AC) measures the difficulty in executing an exploit. A high AC means that specific conditions must be met, making an attack more challenging, while a low AC means the vulnerability can be exploited with minimal effort.

Privileges Required (PR) determine the level of system access necessary for an attack. Vulnerabilities requiring no privileges are more accessible to attackers, whereas high privilege requirements limit exploitation to authorized users with elevated access.

CVSS Score Breakdown Chart

Above is the CVSS Sub-score Breakdown for CVE-2026-53155, illustrating how Base, Impact, and Exploitability factors combine to form the overall severity rating. A higher sub-score typically indicates a more severe or easier-to-exploit vulnerability.

CIA Impact Analysis

Below is the Impact Analysis for CVE-2026-53155, showing how Confidentiality, Integrity, and Availability might be affected if the vulnerability is exploited. Higher values usually signal greater potential damage.

  • Confidentiality: None
    CVE-2026-53155 has no significant impact on data confidentiality.
  • Integrity: None
    CVE-2026-53155 poses no threat to data integrity.
  • Availability: High
    CVE-2026-53155 can disrupt system operations, potentially causing complete denial of service (DoS).

CVE-2026-53155 References

External References

CWE Common Weakness Enumeration

NVD-CWE-noinfo

Vulnerable Configurations

  • cpe:2.3:o:linux:linux_kernel:6.19:-:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:-:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19.1:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19.1:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19.3:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19.3:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19.4:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19.4:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19.6:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19.6:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19.7:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19.7:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19.8:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19.8:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19.9:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19.9:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19.10:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19.10:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19.11:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19.11:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19.12:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19.12:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19.13:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19.13:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19.14:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19.14:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.0:-:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.0:-:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.0.6:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.0.10:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*

Protect Your Infrastructure against CVE-2026-53155: Combat Critical CVE Threats

Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.

Other 5 Recently Published CVEs Vulnerabilities

  • CVE-2026-15138 – A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affects the function _validate_file_path of the file mcp...
  • CVE-2026-47646 – Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker...
  • CVE-2026-15137 – A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\V...
  • CVE-2026-15135 – A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects an unknown part of the file /edit_food_items.php. T...
  • CVE-2026-15134 – A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality o...