PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-53285 Linux CVE debrief

CVE-2026-53285 is a vulnerability in the Linux kernel that has been resolved. The vulnerability is related to the drm/amd/display module and involves wrapping DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED. This vulnerability was introduced due to a conflict between FPU-enabled regions and memory allocation, leading to a kernel crash. The issue arises from dcn32_validate_bandwidth() wrapping dcn32_internal_validate_bw() with DC_FP_START()/DC_FP_END(), which disables local softirqs on x86 non-RT systems. When the DML1 path through dcn32_enable_phantom_plane() calls kvzalloc() to allocate approximately 335 KiB for dc_plane_state, it triggers the vmalloc path. The vmalloc path calls BUG_ON(in_interrupt()) because it's invoked within the FPU-enabled region, resulting in a kernel crash. To resolve this issue, the dc_state_create_phantom_plane() call is wrapped with the DC_RUN_WITH_PREEMPTION_ENABLED() macro, allowing preemption during memory allocation.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-26
Original CVE updated
2026-06-30
Advisory published
2026-06-26
Advisory updated
2026-06-30

Who should care

Linux kernel developers and maintainers, Linux distribution vendors, and users of Linux-based systems should be aware of this vulnerability. Although the vulnerability has been resolved, it is essential for developers and maintainers to review the patch and ensure that it is applied correctly. Linux distribution vendors should update their kernel packages to include the fix. Users of Linux-based systems should ensure that their systems are updated with the latest kernel packages.

Technical summary

The vulnerability is caused by a conflict between FPU-enabled regions and memory allocation in the drm/amd/display module. Specifically, dcn32_validate_bandwidth() wraps dcn32_internal_validate_bw() with DC_FP_START()/DC_FP_END(), which disables local softirqs on x86 non-RT systems. When the DML1 path through dcn32_enable_phantom_plane() calls kvzalloc() to allocate memory, it triggers the vmalloc path, which calls BUG_ON(in_interrupt()) and results in a kernel crash. The fix involves wrapping the dc_state_create_phantom_plane() call with the DC_RUN_WITH_PREEMPTION_ENABLED() macro to allow preemption during memory allocation.

Defensive priority

High priority should be given to applying the patch to resolve this vulnerability. Linux kernel developers and maintainers should review the patch and ensure that it is applied correctly. Linux distribution vendors should update their kernel packages to include the fix.

Recommended defensive actions

  • Review the patch and ensure that it is applied correctly to the Linux kernel.
  • Update Linux kernel packages to include the fix.
  • Verify that the DC_RUN_WITH_PREEMPTION_ENABLED() macro is correctly implemented and applied.
  • Monitor systems for any potential issues related to this vulnerability.
  • Perform regular kernel updates to ensure that the latest security patches are applied.

Evidence notes

The vulnerability was introduced due to a conflict between FPU-enabled regions and memory allocation. The fix involves wrapping the dc_state_create_phantom_plane() call with the DC_RUN_WITH_PREEMPTION_ENABLED() macro. The vulnerability has been resolved, and the patch has been applied to the Linux kernel. However, it is essential to review the patch and ensure that it is applied correctly.

Official resources

This article is AI-assisted and based on the supplied source corpus.