VDB

CVE-2026-46284

CVE-2026-46284 PUBLISHED

Reported by Linux · Published June 8, 2026

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or default_hugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to hugetlb_add_param(), which dereferences it in strlen() and can crash the system during early boot. Reject NULL values in hugetlb_add_param() and return -EINVAL instead.

Affected Products

VendorProductVersions
LinuxLinux5b47c02967ab770aa7661c8863a21b2fd59e35ff, 5b47c02967ab770aa7661c8863a21b2fd59e35ff, 5b47c02967ab770aa7661c8863a21b2fd59e35ff
LinuxLinux6.15, 0, 6.18.27
linuxlinux_kernel6.15, 6.15, 6.15
LinuxLinux5b47c02967ab770aa7661c8863a21b2fd59e35ff, 5b47c02967ab770aa7661c8863a21b2fd59e35ff, 5b47c02967ab770aa7661c8863a21b2fd59e35ff

Timeline

  • Jun 8, 2026 CVE Published
  • Jun 9, 2026 Coalition ESS Score
  • Jun 10, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›