CVE-2026-46331
net/sched: fix pedit partial COW leading to page cache corruption
Vexday Risk Score
41 · Attention
SSVC Decision (CISA)
Attend
PoC available → monitor closely
CVSS 7.8 · EPSS 0.3% · KEV: no · Public PoC · Nuclei: — · Metasploit: — · Patch referenced
Lifecycle
16 Jun 2026 · Published in NVD
17 Jun 2026 · Public PoC
Recommendation: Plan remediation soon; a public PoC already exists.
In the Linux kernel, the following vulnerability has been resolved:
net/sched: fix pedit partial COW leading to page cache corruption
tcf_pedit_act() computes the COW range for skb_ensure_writable()
once before the key loop using tcfp_off_max_hint, but the hint does
not account for the runtime header offset added by typed keys. This
can leave part of the write region un-COW'd.
Fix by moving skb_ensure_writable() inside the per-key loop where
the actual write offset is known, and add overflow checking on the
offset arithmetic. For negative offsets (e.g. Ethernet header edits
at ingress), use skb_cow() to COW the headroom instead. Guard
offset_valid() against INT_MIN, where negation is undefined.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Linux · Linux
Public PoCs found: 8
github · github.com/sgkdev/packet_edit_meme · ★ 112
github · github.com/0xBlackash/CVE-2026-46331 · ★ 17
github · github.com/vulnquest58/dirtyclone-exploit · ★ 1
github · github.com/HORKimhab/CVE-2026-46331 · ★ 0
github · github.com/Quaerendir/cve-2026-46331-audit · ★ 0
github · github.com/seguridadentrerios/CVE-2026-46331 · ★ 0
github · github.com/g0thamRabb1t/cve-2026-46331-pedit-cow-auditd-detection · ★ 0
cve_reference · github.com/sgkdev/packet_edit_meme/tree/main · unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://access.redhat.com/errata/RHSA-2026:27288
https://access.redhat.com/errata/RHSA-2026:27353
https://access.redhat.com/errata/RHSA-2026:27354
https://access.redhat.com/errata/RHSA-2026:27355
https://access.redhat.com/errata/RHSA-2026:27704
https://access.redhat.com/errata/RHSA-2026:27705
https://access.redhat.com/errata/RHSA-2026:27706
https://access.redhat.com/errata/RHSA-2026:27707
https://access.redhat.com/errata/RHSA-2026:27708
https://access.redhat.com/errata/RHSA-2026:27709
https://access.redhat.com/errata/RHSA-2026:27713
https://access.redhat.com/errata/RHSA-2026:27731