CVE-2026-46284

Source
https://cve.org/CVERecord?id=CVE-2026-46284
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46284.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46284
Downstream
Related
Published
2026-06-08T15:41:27.467Z
Modified
2026-06-18T03:54:32.849720350Z
Summary
mm/hugetlb: fix early boot crash on parameters without '=' separator
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/hugetlb: fix early boot crash on parameters without '=' separator

If hugepages, hugepagesz, or defaulthugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to hugetlbadd_param(), which dereferences it in strlen() and can crash the system during early boot.

Reject NULL values in hugetlbaddparam() and return -EINVAL instead.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46284.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5b47c02967ab770aa7661c8863a21b2fd59e35ff
Fixed
2774bcf714739cc6bb86f8812167bb9fbda70f6a
Fixed
357c6d084b6137ae640209c5bfd01180f985c015
Fixed
c45b354911d01565156e38d7f6bc07edb51fc34c

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46284.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.15.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46284.json"