{"cve":{"cve_id":"CVE-2026-46331","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00291,"epss_percentile":0.20561,"epss_as_of":"2026-06-23","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix pedit partial COW leading to page cache corruption\n\ntcf_pedit_act() computes the COW range for skb_ensure_writable()\nonce before the key loop using tcfp_off_max_hint, but the hint does\nnot account for the runtime header offset added by typed keys. This\ncan leave part of the write region un-COW'd.\n\nFix by moving skb_ensure_writable() inside the per-key loop where\nthe actual write offset is known, and add overflow checking on the\noffset arithmetic. For negative offsets (e.g. Ethernet header edits\nat ingress), use skb_cow() to COW the headroom instead. Guard\noffset_valid() against INT_MIN, where negation is undefined.","published_at":"2026-06-16T06:26:21.066000Z","last_modified_at":null,"cvss_v3_score":7.8,"cvss_v3_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":null,"nvd_references":["https://git.kernel.org/stable/c/2bec122b9fb91507a758ab5e3e5c4fbe7cb3f61b","https://git.kernel.org/stable/c/b198ed4e52580a7238c7c7082f03906f8b310313","https://git.kernel.org/stable/c/3dee9d0c198faeb95d052c1b94c2958751a28512","https://git.kernel.org/stable/c/899ee91156e57784090c5565e4f31bd7dbffbc5a"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:30:37.146260Z"},"effective_severity":"HIGH","badges":["news"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"8b796475fd7882663a870456466a4fb315cc1bd6","version_start_inclusive":true,"version_end":"2bec122b9fb91507a758ab5e3e5c4fbe7cb3f61b","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:8b796475fd7882663a870456466a4fb315cc1bd6:2bec122b9fb91507a758ab5e3e5c4fbe7cb3f61b"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"8b796475fd7882663a870456466a4fb315cc1bd6","version_start_inclusive":true,"version_end":"b198ed4e52580a7238c7c7082f03906f8b310313","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:8b796475fd7882663a870456466a4fb315cc1bd6:b198ed4e52580a7238c7c7082f03906f8b310313"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"8b796475fd7882663a870456466a4fb315cc1bd6","version_start_inclusive":true,"version_end":"3dee9d0c198faeb95d052c1b94c2958751a28512","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:8b796475fd7882663a870456466a4fb315cc1bd6:3dee9d0c198faeb95d052c1b94c2958751a28512"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"8b796475fd7882663a870456466a4fb315cc1bd6","version_start_inclusive":true,"version_end":"899ee91156e57784090c5565e4f31bd7dbffbc5a","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:8b796475fd7882663a870456466a4fb315cc1bd6:899ee91156e57784090c5565e4f31bd7dbffbc5a"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"d0c38a914b0c4c21d553da801003d36979016726","version_start_inclusive":true,"version_end":"d0c38a914b0c4c21d553da801003d36979016726","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:d0c38a914b0c4c21d553da801003d36979016726:d0c38a914b0c4c21d553da801003d36979016726"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"2ec2dd7d51a9320151f275ddbb2b53260fb32ca1","version_start_inclusive":true,"version_end":"2ec2dd7d51a9320151f275ddbb2b53260fb32ca1","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:2ec2dd7d51a9320151f275ddbb2b53260fb32ca1:2ec2dd7d51a9320151f275ddbb2b53260fb32ca1"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"abe35bf3be51482593076d516a680d79e5fbc8e1","version_start_inclusive":true,"version_end":"abe35bf3be51482593076d516a680d79e5fbc8e1","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:abe35bf3be51482593076d516a680d79e5fbc8e1:abe35bf3be51482593076d516a680d79e5fbc8e1"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"b773640d5bb9e2acfd91e2695717af04d47aa116","version_start_inclusive":true,"version_end":"b773640d5bb9e2acfd91e2695717af04d47aa116","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:b773640d5bb9e2acfd91e2695717af04d47aa116:b773640d5bb9e2acfd91e2695717af04d47aa116"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"c19cc520b3d69904e9518d401ad0df7f4702aca0","version_start_inclusive":true,"version_end":"c19cc520b3d69904e9518d401ad0df7f4702aca0","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:c19cc520b3d69904e9518d401ad0df7f4702aca0:c19cc520b3d69904e9518d401ad0df7f4702aca0"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"4.19.244","version_start_inclusive":true,"version_end":"4.20","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:4.19.244:4.20"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.4.195","version_start_inclusive":true,"version_end":"5.5","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:5.4.195:5.5"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.10.117","version_start_inclusive":true,"version_end":"5.11","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:5.10.117:5.11"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.15.41","version_start_inclusive":true,"version_end":"5.16","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:5.15.41:5.16"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.17.9","version_start_inclusive":true,"version_end":"5.18","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:5.17.9:5.18"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.18","version_start_inclusive":true,"version_end":"5.18","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:5.18:5.18"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"0","version_start_inclusive":true,"version_end":"5.18","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:0:5.18"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.12.94","version_start_inclusive":true,"version_end":"6.12.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.12.94:6.12.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.18.36","version_start_inclusive":true,"version_end":"6.18.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.18.36:6.18.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.0.13","version_start_inclusive":true,"version_end":"7.0.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.0.13:7.0.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.1","version_start_inclusive":true,"version_end":"*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.1:*"}],"exploit_refs":[],"news":[{"id":148,"source":"The Hacker News","url":"https://thehackernews.com/2026/06/new-linux-pedit-cow-exploit-enables.html","title":"New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries","summary":"A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems.\n\nCVE-2026-46331, nicknamed \"pedit COW,\" is an out-of-bounds write in the packet-editing action (act_pedit) that corrupts shared page-cache memory. A&nbsp;public, working exploit&nbsp;appeared within a day of the CVE assignment on June 16. Red Hat&nbsp;rates the flaw as","thumbnail_url":"https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBWN46D03nuGH8FWFxZD7Ax6T3Wvmf5bt3WrqjghU6ZJU65L6pfoPjt2fVw4-dGXfyEx8fkygfYUftIDlMpPaRcegTEH6eL58nSyiFvbbg5A0GxtFTIhwQUIj16DF-vIqiH2B6jnC7C3DebkJja3v6ayIjOF-eY5DoDL9qef319S3m4ny2lnodtc1WeE59/s1600/linux-cow.jpg","author":"info@thehackernews.com (The Hacker News)","published_at":"2026-06-26T13:57:55Z","fetched_at":"2026-06-29T03:15:31.417532Z","trending_score":null,"cve_ids":["CVE-2026-46331"]}],"references":[{"url":"https://git.kernel.org/stable/c/2bec122b9fb91507a758ab5e3e5c4fbe7cb3f61b","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/b198ed4e52580a7238c7c7082f03906f8b310313","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/3dee9d0c198faeb95d052c1b94c2958751a28512","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/899ee91156e57784090c5565e4f31bd7dbffbc5a","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-06-16T06:26:21.066000Z","label":"CVE published","source":null},{"type":"first_article","at":"2026-06-26T13:57:55Z","label":"First news coverage","source":"The Hacker News"},{"type":"cvss_changed","at":"2026-06-28T17:54:49.174395Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:54:49.174395Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:54:49.174395Z","label":"CVSS score revised","source":"cvelistv5"}]}