CVE-2026-46284 PUBLISHED

mm/hugetlb: fix early boot crash on parameters without '=' separator

Assigner: Linux
Reserved: 13.05.2026 Published: 08.06.2026 Updated: 14.06.2026

In the Linux kernel, the following vulnerability has been resolved:

mm/hugetlb: fix early boot crash on parameters without '=' separator

If hugepages, hugepagesz, or default_hugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to hugetlb_add_param(), which dereferences it in strlen() and can crash the system during early boot.

Reject NULL values in hugetlb_add_param() and return -EINVAL instead.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 5b47c02967ab770aa7661c8863a21b2fd59e35ff to 2774bcf714739cc6bb86f8812167bb9fbda70f6a (excl.) affected from 5b47c02967ab770aa7661c8863a21b2fd59e35ff to 357c6d084b6137ae640209c5bfd01180f985c015 (excl.) affected from 5b47c02967ab770aa7661c8863a21b2fd59e35ff to c45b354911d01565156e38d7f6bc07edb51fc34c (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.15 is affected unaffected from 0 to 6.15 (excl.) unaffected from 6.18.27 to 6.18.* (incl.) unaffected from 7.0.4 to 7.0.* (incl.) unaffected from 7.1 to * (incl.)

CVE-2026-46284 PUBLISHED

mm/hugetlb: fix early boot crash on parameters without '=' separator

Product Status

References