Home

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED [Why] dcn32_validate_bandwidth() wraps dcn32_internal_validate_bw() with DC_FP_START()/DC_FP_END(). In x86 non-RT, DC_FP_START takes fpregs_lock(), which disables local softirqs. The DML1 path through dcn32_enable_phantom_plane() calls kvzalloc() to allocate ~335 KiB for dc_plane_state. This triggers the vmalloc path, which calls BUG_ON(in_interrupt()) because it's invoked within the FPU-enabled (softirq disabled) region, leading to a kernel crash. [How] Wrap the dc_state_create_phantom_plane() call with the DC_RUN_WITH_PREEMPTION_ENABLED() macro to allow preemption during this memory allocation. (cherry picked from commit 885ccbef7b94a8b38f69c4211c679021aa27ad11)

PUBLISHED Reserved 2026-06-09 | Published 2026-06-26 | Updated 2026-06-26 | Assigner Linux

Product status

Default status
unaffected

235c67634230b0f9ad8c0185272fed36c892b1c4 (git) before 30bb2ec6695d62f63db4aa6179c4626834ed0cd6
affected

235c67634230b0f9ad8c0185272fed36c892b1c4 (git) before 183182235f6d53bac62c6c39014738a54a68dfa6
affected

Default status
affected

6.0
affected

Any version before 6.0
unaffected

7.0.10 (semver)
unaffected

7.1 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/30bb2ec6695d62f63db4aa6179c4626834ed0cd6

git.kernel.org/...c/183182235f6d53bac62c6c39014738a54a68dfa6

cve.org (CVE-2026-53285)

nvd.nist.gov (CVE-2026-53285)

Download JSON