CVE-2026-53285 in Linux
Summary
by MITRE • 06/26/2026
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED
[Why]
dcn32_validate_bandwidth() wraps dcn32_internal_validate_bw() with DC_FP_START()/DC_FP_END(). In x86 non-RT, DC_FP_START takes fpregs_lock(), which disables local softirqs.
The DML1 path through dcn32_enable_phantom_plane() calls kvzalloc() to allocate ~335 KiB for dc_plane_state. This triggers the vmalloc path, which calls BUG_ON(in_interrupt()) because it's invoked within the FPU-enabled (softirq disabled) region, leading to a kernel crash.
[How]
Wrap the dc_state_create_phantom_plane() call with the DC_RUN_WITH_PREEMPTION_ENABLED() macro to allow preemption during this memory allocation.
(cherry picked from commit 885ccbef7b94a8b38f69c4211c679021aa27ad11)
Analysis
by VulDB Data Team • 06/27/2026
The vulnerability resides within the AMD display driver component of the Linux kernel, specifically affecting the DCN32 validation mechanism. This issue manifests as a critical kernel crash occurring during phantom plane allocation operations within the Display Core (DC) subsystem. The problem stems from improper handling of preemption and interrupt contexts during memory allocation, creating a scenario where kernel memory management functions cannot execute because of conflicting execution constraints.
The technical flaw occurs when the dcn32_validate_bandwidth() function invokes dcn32_internal_validate_bw() within a protected execution context established by the DC_FP_START()/DC_FP_END() macros. Within this context, fpregs_lock() is acquired, which disables local softirqs on x86 non-Real-Time systems. This restriction is incompatible with the vmalloc memory allocation path that is triggered when dc_plane_state is allocated through kvzalloc(). The vmalloc implementation contains a BUG_ON(in_interrupt()) check that fires when executed within this FPU-enabled region where softirqs are disabled, resulting in immediate kernel panic and system crash.
This vulnerability directly relates to CWE-129 and CWE-691, representing issues with improper handling of interrupt contexts and inadequate preemption control during memory allocation operations. The flaw operates at the kernel level within the display subsystem, specifically targeting the DCN32 (Display Core Next Generation 3.2) validation path that handles bandwidth calculations for AMD graphics hardware. The operational impact extends to all systems running affected Linux kernels where AMD graphics drivers are active, potentially causing unexpected system crashes and service interruptions during normal display operations.
The mitigation strategy involves wrapping the dc_state_create_phantom_plane() function call with the DC_RUN_WITH_PREEMPTION_ENABLED() macro, which allows the kernel to enable preemption during the memory allocation process. This approach ensures that the vmalloc path can execute properly without conflicting with the interrupt context restrictions imposed by the FPU lock mechanism. The fix follows established kernel development practices for handling memory allocation within restricted execution contexts and aligns with ATT&CK technique T1068, which covers privilege escalation through kernel vulnerabilities. This solution maintains system stability while preserving the integrity of the display validation process, allowing proper bandwidth calculations to complete without triggering kernel-level crashes.
The vulnerability demonstrates a classic example of context dependency issues in kernel space where seemingly unrelated components create fatal conflicts due to improper synchronization and preemption handling during memory management operations. The fix represents a targeted approach that addresses the specific execution context requirements of the affected code path while maintaining overall system reliability and performance characteristics of the AMD display subsystem.
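The context conflict and the fix described above, reduced to a userspace C model (an added example, not kernel or VulDB code). Every model_*/MODEL_* name, the 32 KiB cut-over to the vmalloc path, and the way the wrapper leaves and re-enters the FP region are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
/* Userspace model only: every model_* / MODEL_* name is hypothetical. */
#define MODEL_PLANE_STATE_SIZE (335u * 1024u) /* ~335 KiB, from the advisory */
#define MODEL_KMALLOC_LIMIT    (32u * 1024u)  /* assumed cut-over to vmalloc */
static int softirq_off; /* >0 while the modelled fpregs_lock() is held */
static int bug_hits;    /* would-be BUG_ON(in_interrupt()) crashes */

static bool model_in_interrupt(void) { return softirq_off > 0; }
static void model_fp_start(void) { softirq_off++; } /* DC_FP_START() */
static void model_fp_end(void)   { softirq_off--; } /* DC_FP_END() */

/* Assumption: the real macro leaves the FP region around the statement. */
#define MODEL_RUN_WITH_PREEMPTION_ENABLED(stmt) do { \
        bool was_fp = model_in_interrupt();          \
        if (was_fp) model_fp_end();                  \
        stmt;                                        \
        if (was_fp) model_fp_start();                \
    } while (0)

/* kvzalloc() stand-in: a large request in interrupt context counts a BUG hit. */
static void *model_kvzalloc(size_t size)
{
    if (size > MODEL_KMALLOC_LIMIT && model_in_interrupt()) {
        bug_hits++;
        return NULL;
    }
    return calloc(1, size);
}

/* Models dcn32_validate_bandwidth(); returns the BUG hits it produced. */
static int model_validate_bandwidth(bool patched)
{
    void *plane = NULL;
    bug_hits = 0;
    model_fp_start();
    if (patched)
        MODEL_RUN_WITH_PREEMPTION_ENABLED(plane = model_kvzalloc(MODEL_PLANE_STATE_SIZE));
    else
        plane = model_kvzalloc(MODEL_PLANE_STATE_SIZE);
    model_fp_end(); /* FP maths would run before this point */
    free(plane);
    return bug_hits;
}

int main(void)
{
    int unpatched = model_validate_bandwidth(false);
    printf("BUG hits: unpatched=%d patched=%d\n", unpatched, model_validate_bandwidth(true));
}
```

In the model the unpatched path records one hit and the wrapped path none, and the softirq-disabled depth returns to zero in both cases, which is the invariant to check when reviewing similar allocations inside DC_FP_START()/DC_FP_END() regions.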