CVE-2026-53285
Received Received - Intake
Kernel Crash in AMD Display Driver Due to FPU Preemption

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED [Why] dcn32_validate_bandwidth() wraps dcn32_internal_validate_bw() with DC_FP_START()/DC_FP_END(). In x86 non-RT, DC_FP_START takes fpregs_lock(), which disables local softirqs. The DML1 path through dcn32_enable_phantom_plane() calls kvzalloc() to allocate ~335 KiB for dc_plane_state. This triggers the vmalloc path, which calls BUG_ON(in_interrupt()) because it's invoked within the FPU-enabled (softirq disabled) region, leading to a kernel crash. [How] Wrap the dc_state_create_phantom_plane() call with the DC_RUN_WITH_PREEMPTION_ENABLED() macro to allow preemption during this memory allocation. (cherry picked from commit 885ccbef7b94a8b38f69c4211c679021aa27ad11)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-27
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-53285
EUVD
EUVD-2026-39890
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's AMD display driver, specifically in the drm/amd/display component. It involves the allocation of a phantom-plane state in the DCN32 display code path. During this allocation, the code disables local softirqs by taking a lock (fpregs_lock) in a non-real-time x86 environment, which leads to a situation where a memory allocation function (kvzalloc) triggers a kernel crash because it is called in an inappropriate context (within a region where preemption is disabled).

The root cause is that the memory allocation for the phantom-plane state happens while preemption is disabled, which violates kernel constraints and causes a BUG_ON() to be triggered, crashing the kernel.

The fix involves wrapping the phantom-plane allocation call with a macro (DC_RUN_WITH_PREEMPTION_ENABLED) that temporarily enables preemption during this allocation, preventing the crash.

Impact Analysis

This vulnerability can cause the Linux kernel to crash unexpectedly when the affected AMD display driver code path is executed. Such a kernel crash leads to system instability, potential data loss, and downtime.

If you are running systems with the affected Linux kernel and AMD display components, this could result in service interruptions and degraded reliability.

Mitigation Strategies

The vulnerability has been resolved by wrapping the dc_state_create_phantom_plane() call with the DC_RUN_WITH_PREEMPTION_ENABLED() macro to allow preemption during memory allocation.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53285. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart