CVE Catalog

CVE-2026-46331

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

A vulnerability was found in the Linux kernel's pedit (packet editor) mechanism in the networking subsystem. The bug causes a partial copy-on-write (COW), potentially leading to page cache corruption.

Risk Assessment

An attacker could exploit this vulnerability to corrupt page cache data, leading to unpredictable system behavior, information disclosure, or potential privilege escalation.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit fixing the bug in net/sched: fix pedit partial COW).

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd. Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead. Guard offset_valid() against INT_MIN, where negation is undefined.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS