CVE-2026-53285

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Wrap DCN32 phantom-plane allocation in DC RUN WITH PREEMPTION ENABLED

[Why] dcn32 validate bandwidth() wraps dcn32 internal validate bw() with DC FP START()/DC FP END(). In x86 non-RT, DC FP START takes fpregs lock(), which disables local softirqs.

The DML1 path through dcn32 enable phantom plane() calls kvzalloc() to allocate ~335 KiB for dc plane state. This triggers the vmalloc path, which calls BUG ON(in interrupt()) because it's invoked within the FPU-enabled (softirq disabled) region, leading to a kernel crash.

[How] Wrap the dc state create phantom plane() call with the DC RUN WITH PREEMPTION ENABLED() macro to allow preemption during this memory allocation.

(cherry picked from commit 885ccbef7b94a8b38f69c4211c679021aa27ad11)