AI description
CVE-2026-46331, dubbed "pedit COW," is a local privilege escalation vulnerability found within the Linux kernel's traffic-control subsystem, specifically affecting the `act_pedit` packet-editing action. The flaw stems from a "partial Copy-on-Write (COW)" failure where the `tcf_pedit_act()` function incorrectly calculates the writable range. It computes this range before accounting for runtime header offsets introduced by typed keys, leading to an out-of-bounds write that corrupts shared page-cache memory. Exploitation of this vulnerability allows a local unprivileged user to gain root access on affected systems. Attackers can achieve this by poisoning the cached copy of a setuid root binary, such as `/bin/su`, in memory. They inject a malicious payload into this cached image, which then executes with root privileges when the binary is invoked, all while leaving the on-disk file integrity checks undisturbed. Successful exploitation typically requires `act_pedit` to be loadable and unprivileged user namespaces to be enabled, granting the necessary `CAP_NET_ADMIN` capability.
- Description
- In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd. Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead. Guard offset_valid() against INT_MIN, where negation is undefined.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
8
Tails 7.9.1 is out: https://t.co/1TZmZC8BtT It fixes CVE-2026-43503 (*DirtyClone*) and CVE-2026-46331 (*PACKET_EDIT_MEME*).
@Tails_live
1 Jul 2026
4331 Impressions
22 Retweets
84 Likes
5 Bookmarks
2 Replies
1 Quote
Thread — CVE-2026-46331 "pedit COW" 🔴 1. 🧵Imagine leaving your house, locking the door — but someone already swapped your key while you slept. No forced entry. No alarm. That's CVE-2026-46331. - A Linux flaw that gives attackers root access without breaking a single lo
@Nu11Sector
29 Jun 2026
87 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISO Daily Briefing: Amazon Q Developer CVE-2026-12957 (CVSS 8.5) — MCP auto-execution, no user interaction required, Miasma worm across 73 GitHub repos; Linux LPEs CVE-2026-46331 + CVE-2026-43503 bypass file integrity monitoring entirely in memory. Fable 5/Mythos 5 suspended f
@cloudsa
28 Jun 2026
428 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Open-source defensive toolkit against #DirtyClone (CVE-2026-43503) and #peditCOW (CVE-2026-46331). While patching remains the ultimate solution, this toolkit helps you close the gap while you patch. https://t.co/2ETRhoK5oU
@douglasmun
28 Jun 2026
234 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/3 A new Linux kernel exploit nicknamed pedit COW lets a local unprivileged user gain root. CVE-2026-46331 is an out-of-bounds write in act_pedit that corrupts shared page-cache memory. A working exploit appeared within a day. #CVE #Linux #PrivEsc #cybersecurity
@CyberTLDR
27 Jun 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Linux kernel flaw CVE-2026-46331 allows local users to gain root access, Red Hat rates it as severe, can you trust your Linux systems to be secure after June 16? #LinuxSecurity #CVE #RootAccess Source: New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
@Soemailsecurity
27 Jun 2026
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
pedit COW (CVE-2026-46331) is a Linux kernel flaw that lets unprivileged users gain root via page cache corruption.Patch now or disable act_pedit. For More: https://t.co/BqDkEZ4lVS #peditCOW #CVE #LinuxKernel #PrivilegeEscalation #RootAccess #CyberSecurity #Linux #InfoSec #RHEL
@redsecuretech
27 Jun 2026
43 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-46331 CVE-2026-43503 アルマリナックス対応済み
@hacker_infra
26 Jun 2026
206 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes