CVE-2026-53285
Analyzed Analyzed - Analysis Complete

Kernel Crash in AMD Display Driver Due to FPU Preemption

Vulnerability report for CVE-2026-53285, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-07-08

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED [Why] dcn32_validate_bandwidth() wraps dcn32_internal_validate_bw() with DC_FP_START()/DC_FP_END(). In x86 non-RT, DC_FP_START takes fpregs_lock(), which disables local softirqs. The DML1 path through dcn32_enable_phantom_plane() calls kvzalloc() to allocate ~335 KiB for dc_plane_state. This triggers the vmalloc path, which calls BUG_ON(in_interrupt()) because it's invoked within the FPU-enabled (softirq disabled) region, leading to a kernel crash. [How] Wrap the dc_state_create_phantom_plane() call with the DC_RUN_WITH_PREEMPTION_ENABLED() macro to allow preemption during this memory allocation. (cherry picked from commit 885ccbef7b94a8b38f69c4211c679021aa27ad11)

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-07-08
Generated
2026-07-17
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 6.0 (inc) to 7.0.10 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's AMD display driver, specifically in the drm/amd/display component. It involves the allocation of a phantom-plane state in the DCN32 display code path. During this allocation, the code disables local softirqs by taking a lock (fpregs_lock) in a non-real-time x86 environment, which leads to a situation where a memory allocation function (kvzalloc) triggers a kernel crash because it is called in an inappropriate context (within a region where preemption is disabled).

The root cause is that the memory allocation for the phantom-plane state happens while preemption is disabled, which violates kernel constraints and causes a BUG_ON() to be triggered, crashing the kernel.

The fix involves wrapping the phantom-plane allocation call with a macro (DC_RUN_WITH_PREEMPTION_ENABLED) that temporarily enables preemption during this allocation, preventing the crash.

Impact Analysis

This vulnerability can cause the Linux kernel to crash unexpectedly when the affected AMD display driver code path is executed. Such a kernel crash leads to system instability, potential data loss, and downtime.

If you are running systems with the affected Linux kernel and AMD display components, this could result in service interruptions and degraded reliability.

Mitigation Strategies

The vulnerability has been resolved by wrapping the dc_state_create_phantom_plane() call with the DC_RUN_WITH_PREEMPTION_ENABLED() macro to allow preemption during memory allocation.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53285. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart