PatchSiren cyber security CVE debrief
CVE-2026-53285 Linux CVE debrief
CVE-2026-53285 is a vulnerability in the Linux kernel that has been resolved. The vulnerability is related to the drm/amd/display module and involves wrapping DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED. This vulnerability was introduced due to a conflict between FPU-enabled regions and memory allocation, leading to a kernel crash. The issue arises from dcn32_validate_bandwidth() wrapping dcn32_internal_validate_bw() with DC_FP_START()/DC_FP_END(), which disables local softirqs on x86 non-RT systems. When the DML1 path through dcn32_enable_phantom_plane() calls kvzalloc() to allocate approximately 335 KiB for dc_plane_state, it triggers the vmalloc path. The vmalloc path calls BUG_ON(in_interrupt()) because it's invoked within the FPU-enabled region, resulting in a kernel crash. To resolve this issue, the dc_state_create_phantom_plane() call is wrapped with the DC_RUN_WITH_PREEMPTION_ENABLED() macro, allowing preemption during memory allocation.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-26
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-06-26
- Advisory updated
- 2026-06-30
Who should care
Linux kernel developers and maintainers, Linux distribution vendors, and users of Linux-based systems should be aware of this vulnerability. Although the vulnerability has been resolved, it is essential for developers and maintainers to review the patch and ensure that it is applied correctly. Linux distribution vendors should update their kernel packages to include the fix. Users of Linux-based systems should ensure that their systems are updated with the latest kernel packages.
Technical summary
The vulnerability is caused by a conflict between FPU-enabled regions and memory allocation in the drm/amd/display module. Specifically, dcn32_validate_bandwidth() wraps dcn32_internal_validate_bw() with DC_FP_START()/DC_FP_END(), which disables local softirqs on x86 non-RT systems. When the DML1 path through dcn32_enable_phantom_plane() calls kvzalloc() to allocate memory, it triggers the vmalloc path, which calls BUG_ON(in_interrupt()) and results in a kernel crash. The fix involves wrapping the dc_state_create_phantom_plane() call with the DC_RUN_WITH_PREEMPTION_ENABLED() macro to allow preemption during memory allocation.
Defensive priority
High priority should be given to applying the patch to resolve this vulnerability. Linux kernel developers and maintainers should review the patch and ensure that it is applied correctly. Linux distribution vendors should update their kernel packages to include the fix.
Recommended defensive actions
- Review the patch and ensure that it is applied correctly to the Linux kernel.
- Update Linux kernel packages to include the fix.
- Verify that the DC_RUN_WITH_PREEMPTION_ENABLED() macro is correctly implemented and applied.
- Monitor systems for any potential issues related to this vulnerability.
- Perform regular kernel updates to ensure that the latest security patches are applied.
Evidence notes
The vulnerability was introduced due to a conflict between FPU-enabled regions and memory allocation. The fix involves wrapping the dc_state_create_phantom_plane() call with the DC_RUN_WITH_PREEMPTION_ENABLED() macro. The vulnerability has been resolved, and the patch has been applied to the Linux kernel. However, it is essential to review the patch and ensure that it is applied correctly.
Official resources
-
CVE-2026-53285 CVE record
CVE.org
-
CVE-2026-53285 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
This article is AI-assisted and based on the supplied source corpus.