CVE-2026-46331 – Linux Security Update
“A small mistake in memory handling can have system-wide consequences.”
This security update addresses CVE-2026-46331, a high-severity vulnerability in the Linux kernel networking scheduler. The issue occurs in tcf_pedit_act(), where incorrect copy-on-write (COW) handling can leave part of a writable memory region unprotected, leading to page cache corruption. The CVSS score is 7.8, which is High severity.
The update moves the writable memory validation into the per-key processing loop, adds overflow checks for offset calculations, and correctly handles negative offsets using skb_cow(). These changes prevent page cache corruption during packet editing operations. A public proof-of-concept has been confirmed for this vulnerability. There is no verified evidence of active real-world exploitation.
Key Details
- Affected Product
- Linux Linux Kernel
- Attack Vector
- Local
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- CWE Classification
- CWE-190