CVE-2026-46284

Summary

In the Linux kernel, the following vulnerability has been resolved:

mm/hugetlb: fix early boot crash on parameters without '=' separator

If hugepages, hugepagesz, or default_hugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to hugetlb_add_param(), which dereferences it in strlen() and can crash the system during early boot.

Reject NULL values in hugetlb_add_param() and return -EINVAL instead.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux5b47c02967ab770aa7661c8863a21b2fd59e35ff < 2774bcf714739cc6bb86f8812167bb9fbda70f6aaffected
LinuxLinux5b47c02967ab770aa7661c8863a21b2fd59e35ff < 357c6d084b6137ae640209c5bfd01180f985c015affected
LinuxLinux5b47c02967ab770aa7661c8863a21b2fd59e35ff < c45b354911d01565156e38d7f6bc07edb51fc34caffected
LinuxLinux6.15affected
LinuxLinux0 < 6.15unaffected
LinuxLinux6.18.27 <= 6.18.*unaffected
LinuxLinux7.0.4 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References