Wang Xuerui

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 6.5.0 and earlier **Description** The Linux kernel has a vulnerability that can cause a panic when DEFERRED STRUCT PAGE INIT is enabled. This occurs after a specific commit, where the node ID is set to MAX NUMNODES, resulting in a NULL dereference in the call chain reserve bootmem region() -> init reserved page(). The issue arises from early memblock reserve() in memblock init() and can be avoided by setting all reserved memblocks on Node#0 at initialization. **Recommendations** For Linux kernel version 6.5.0 and earlier, update to a newer version that includes the fix for this vulnerability. If updating is not possible, consider applying a patch that sets all reserved memblocks on Node#0 at initialization to avoid the panic.