Linux Kernel up to 6.18.35/7.0.12 mm memcg_reparent_list_lrus Next improper synchronization

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.5 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.18.35/7.0.12. This vulnerability affects the function memcg_reparent_list_lrus of the component mm. The manipulation of the argument Next results in improper synchronization.
This vulnerability is cataloged as CVE-2026-53153. There is no exploit available.
It is advisable to upgrade the affected component.
Details
A vulnerability was found in Linux Kernel up to 6.18.35/7.0.12. It has been classified as critical. Affected is the function memcg_reparent_list_lrus of the component mm. The manipulation of the argument next with an unknown input leads to a improper synchronization vulnerability. CWE is classifying the issue as CWE-662. The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes. The impact remains unknown. CVE summarizes:
In the Linux kernel, the following vulnerability has been resolved: mm/list_lru: drain before clearing xarray entry on reparent memcg_reparent_list_lrus() clears the dying memcg's xarray entry with xas_store(&xas, NULL) before reparenting its per-node lists into the parent. This opens a window where a concurrent list_lru_del() arriving for the dying memcg sees xa_load() == NULL, walks to the parent in lock_list_lru_of_memcg(), takes the parent's per-node lock, and calls list_del_init() on an item still physically linked on the dying memcg's list. If another in-flight thread holds the dying memcg's per-node lock at the same moment (another list_lru_del, or a list_lru_walk_one running an isolate callback), both threads modify ->next/->prev pointers on the same physical list under different locks. Adjacent items can corrupt each other's links. Fix it by reversing the order: reparent each per-node list and mark the child's list lru dead and then clear the xarray entry. Any concurrent list_lru op that finds the still-set xarray entry either takes the dying memcg's per-node lock (synchronizing with the drain) or sees LONG_MIN and walks to the parent, where the items now live.
The advisory is available at git.kernel.org. This vulnerability is traded as CVE-2026-53153 since 06/09/2026. Technical details are known, but there is no available exploit. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 07/03/2026).
The vulnerability scanner Nessus provides a plugin with the ID 323591 (Linux Distros Unpatched Vulnerability : CVE-2026-53153), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 6.18.36 or 7.0.13 eliminates this vulnerability. Applying the patch c19ff4351214f059349788e13e70e74325831ff6/2b66496d794e98f7aeec7688573051f22ec40bac/98733f3f0becb1ae0701d021c1748e974e5fa55c is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (323591) and CERT Bund (WID-SEC-2026-2077). If you want to get best quality of vulnerability data, you may have to visit VulDB.
Affected
- Open Source Linux Kernel
Product
Type
Vendor
Name
Version
- 6.18.0
- 6.18.1
- 6.18.2
- 6.18.3
- 6.18.4
- 6.18.5
- 6.18.6
- 6.18.7
- 6.18.8
- 6.18.9
- 6.18.10
- 6.18.11
- 6.18.12
- 6.18.13
- 6.18.14
- 6.18.15
- 6.18.16
- 6.18.17
- 6.18.18
- 6.18.19
- 6.18.20
- 6.18.21
- 6.18.22
- 6.18.23
- 6.18.24
- 6.18.25
- 6.18.26
- 6.18.27
- 6.18.28
- 6.18.29
- 6.18.30
- 6.18.31
- 6.18.32
- 6.18.33
- 6.18.34
- 6.18.35
- 7.0.0
- 7.0.1
- 7.0.2
- 7.0.3
- 7.0.4
- 7.0.5
- 7.0.6
- 7.0.7
- 7.0.8
- 7.0.9
- 7.0.10
- 7.0.11
- 7.0.12
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.6VulDB Meta Temp Score: 6.5
VulDB Base Score: 5.5
VulDB Temp Score: 5.3
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 7.8
CNA Vector (Linux): 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Improper synchronizationCWE: CWE-662
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 323591
Nessus Name: Linux Distros Unpatched Vulnerability : CVE-2026-53153
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: Kernel 6.18.36/7.0.13
Patch: c19ff4351214f059349788e13e70e74325831ff6/2b66496d794e98f7aeec7688573051f22ec40bac/98733f3f0becb1ae0701d021c1748e974e5fa55c
Timeline
06/09/2026 CVE reserved06/25/2026 Advisory disclosed
06/25/2026 VulDB entry created
07/03/2026 VulDB entry last update
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2026-53153 (🔒)
GCVE (CVE): GCVE-0-2026-53153
GCVE (VulDB): GCVE-100-373794
CERT Bund: WID-SEC-2026-2077 - Linux Kernel: Mehrere Schwachstellen
Entry
Created: 06/25/2026 12:24Updated: 07/03/2026 06:39
Changes: 06/25/2026 12:24 (60), 06/28/2026 23:18 (7), 06/29/2026 00:51 (2), 07/03/2026 06:39 (11)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.