diff --git a/target/linux/realtek/patches-6.6/320-harden-fw_init_cmdline.patch b/target/linux/realtek/patches-6.6/320-harden-fw_init_cmdline.patch
new file mode 100644
index 0000000000..d45932b977
--- /dev/null
+++ b/target/linux/realtek/patches-6.6/320-harden-fw_init_cmdline.patch
@@ -0,0 +1,38 @@
+From e813f48461b8011244b3e7dfe118cf94fd595f0d Mon Sep 17 00:00:00 2001
+From: Markus Stockhausen
+Date: Sun, 25 Aug 2024 13:09:48 -0400
+Subject: [PATCH] realtek: harden fw_init_cmdline()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Some devices (e.g. HP JG924A) hand over other than expected kernel boot
+arguments. Looking at these one can see:
+
+fw_init_cmdline: fw_arg0=00020000
+fw_init_cmdline: fw_arg1=00060000
+fw_init_cmdline: fw_arg2=fffdffff
+fw_init_cmdline: fw_arg3=0000416c
+
+Especially fw_arg2 should be the pointer to the environment and it looks
+very suspicous. It is not aligned and the address is outside KSEG0 and
+KSEG1. Booting the device will result in a hang. Do better at verifying
+the address.
+
+Signed-off-by: Bjørn Mork
+Signed-off-by: Markus Stockhausen
+---
+ arch/mips/fw/lib/cmdline.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/fw/lib/cmdline.c
++++ b/arch/mips/fw/lib/cmdline.c
+@@ -31,7 +31,7 @@ void __init fw_init_cmdline(void)
+ }
+
+ /* Validate environment pointer. */
+- if (fw_arg2 < CKSEG0)
++ if (fw_arg2 < CKSEG0 || fw_arg2 >= CKSEG2)
+ _fw_envp = NULL;
+ else
+ _fw_envp = (int *)fw_arg2;
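Review bot: The new range test on the `+ if (fw_arg2 < CKSEG0 || fw_arg2 >= CKSEG2)` line still admits the misaligned pointers the commit message itself calls out — a value such as 0x80000001 lies inside KSEG0 and passes, and since the last line stores it as an `int *`, the later loads through `_fw_envp` would likely raise a MIPS address-error exception during early boot, the same hang this patch sets out to avoid. Fold the alignment into the check: `if (fw_arg2 < CKSEG0 || fw_arg2 >= CKSEG2 || (fw_arg2 & (sizeof(*_fw_envp) - 1)))`. Note also that the range test cannot distinguish a valid environment table from an aligned KSEG0/KSEG1 address pointing past populated RAM, so whatever later reads the table (not visible in this hunk) presumably still has to treat it as untrusted firmware input. The enclosing fw_init_cmdline() starts before the hunk; only its tail is shown here.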