Linux Kernel Hugetlb Early Boot Parameter Parsing Vulnerability

A vulnerability in the Linux kernel's handling of hugepage parameters during early boot has been fixed. When hugepages, hugepagesz, or default_hugepagesz are specified on the kernel command line without the '=' separator, the parameter parsing incorrectly passes a NULL value to the 'hugetlb_add_param()' function. This NULL dereference can lead to a system crash. The vulnerability has been addressed by modifying 'hugetlb_add_param()' to reject NULL values and return an error instead.

Impact

The vulnerability could cause a system crash during early boot, disrupting the boot process and potentially leading to a denial of service.

Reproduction

To reproduce this vulnerability, specify hugepages, hugepagesz, or default_hugepagesz on the kernel command line without the '=' separator. This will cause the early parameter parsing to pass a NULL value to 'hugetlb_add_param()', which will then be dereferenced in 'strlen()', leading to a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel official website.