mm/hugetlb: fix early boot crash on parameters without '=' separator
CVE-2026-46284

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 June 2026

What is CVE-2026-46284?

In the Linux kernel, the following vulnerability has been resolved:

mm/hugetlb: fix early boot crash on parameters without '=' separator

If hugepages, hugepagesz, or default_hugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to hugetlb_add_param(), which dereferences it in strlen() and can crash the system during early boot.

Reject NULL values in hugetlb_add_param() and return -EINVAL instead.

Affected Version(s)

Linux 5b47c02967ab770aa7661c8863a21b2fd59e35ff < 2774bcf714739cc6bb86f8812167bb9fbda70f6a

Linux 5b47c02967ab770aa7661c8863a21b2fd59e35ff < 357c6d084b6137ae640209c5bfd01180f985c015

Linux 5b47c02967ab770aa7661c8863a21b2fd59e35ff

References

https://git.kernel.org/stable/c/2774bcf714739cc6bb86f8812...

https://git.kernel.org/stable/c/357c6d084b6137ae640209c5b...

https://git.kernel.org/stable/c/c45b354911d01565156e38d7f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46284 Data

JSON