Impact
The vulnerability arises when the AMD DRM driver attempts to allocate memory for a phantom plane while the FPU is disabled and softirqs are turned off. Because the vmalloc implementation contains a BUG_ON that asserts the current context must not be an interrupt, the kernel panics and crashes, producing an immediate denial of service. The flaw originates from a misuse of kernel APIs that violate a preemption and interrupt context invariant. This is a CWE-663 weakness: Improper Release of Incomplete Lock.
Affected Systems
All Linux systems using an x86, non‑RT kernel version that lacks the commit adding DC_RUN_WITH_PREEMPTION_ENABLED to the dcn32_enable_phantom_plane path are affected. This includes any distribution that bundles the AMD display driver code for DML1 before the patch commit 885ccbef7b94a8b38f69c4211c679021aa27ad11.
Risk and Exploitability
Based on the description, the attacker most likely needs to trigger the phantom‑plane allocation by interacting with the graphics stack, so the attack vector is inferred to be local privileged access or user interaction. Exploit requires triggering the phantom‑plane allocation path, which typically occurs when a display device is connected or driver interfaces are exercised. The crash is deterministic and the attacker needs local, privileged execution or access to the graphics subsystem. The CVSS score of 5.5 indicates a medium severity, and the EPSS score is < 1%, with no listing in the CISA KEV, implying no known exploitation in the wild. Thus, the risk is moderate to high for systems that expose the graphics subsystem to untrusted users, but lower for strictly isolated, hardened environments.
OpenCVE Enrichment