CVE-2026-46331
net/sched: fix pedit partial COW leading to page cache corruption
Vexday Risk Score
41Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 7.8EPSS 0.3%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado
Ciclo de vida
16 jun 2026Publicada en NVD
17 jun 2026PoC pública
Recomendación: Planificar corrección próxima — ya existe PoC pública.
In the Linux kernel, the following vulnerability has been resolved:
net/sched: fix pedit partial COW leading to page cache corruption
tcf_pedit_act() computes the COW range for skb_ensure_writable()
once before the key loop using tcfp_off_max_hint, but the hint does
not account for the runtime header offset added by typed keys. This
can leave part of the write region un-COW'd.
Fix by moving skb_ensure_writable() inside the per-key loop where
the actual write offset is known, and add overflow checking on the
offset arithmetic. For negative offsets (e.g. Ethernet header edits
at ingress), use skb_cow() to COW the headroom instead. Guard
offset_valid() against INT_MIN, where negation is undefined.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Linux · LinuxPoCs públicas encontradas — 8
githubgithub.com/sgkdev/packet_edit_meme★ 112githubgithub.com/0xBlackash/CVE-2026-46331★ 17githubgithub.com/vulnquest58/dirtyclone-exploit★ 1githubgithub.com/HORKimhab/CVE-2026-46331★ 0githubgithub.com/Quaerendir/cve-2026-46331-audit★ 0githubgithub.com/seguridadentrerios/CVE-2026-46331★ 0githubgithub.com/g0thamRabb1t/cve-2026-46331-pedit-cow-auditd-detection★ 0cve_referencegithub.com/sgkdev/packet_edit_meme/tree/mainno verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2026:27288https://access.redhat.com/errata/RHSA-2026:27353https://access.redhat.com/errata/RHSA-2026:27354https://access.redhat.com/errata/RHSA-2026:27355https://access.redhat.com/errata/RHSA-2026:27704https://access.redhat.com/errata/RHSA-2026:27705https://access.redhat.com/errata/RHSA-2026:27706https://access.redhat.com/errata/RHSA-2026:27707https://access.redhat.com/errata/RHSA-2026:27708https://access.redhat.com/errata/RHSA-2026:27709https://access.redhat.com/errata/RHSA-2026:27713https://access.redhat.com/errata/RHSA-2026:27731