CVE-2026-46331

NONE EPSS 13.6%
Published Jun 16, 20262w ago · Modified Jun 19, 20261w ago
Find Similar
Published Jun 16, 2026 2w ago
Last Modified Jun 19, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd. Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead. Guard offset_valid() against INT_MIN, where negation is undefined.

Threat Intelligence

EPSS Exploit Probability
13.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 4

  • git.kernel.org https://git.kernel.org/stable/c/2bec122b9fb91507a758ab5e3e5c4fbe7cb3f61b
  • git.kernel.org https://git.kernel.org/stable/c/3dee9d0c198faeb95d052c1b94c2958751a28512
  • git.kernel.org https://git.kernel.org/stable/c/899ee91156e57784090c5565e4f31bd7dbffbc5a
  • git.kernel.org https://git.kernel.org/stable/c/b198ed4e52580a7238c7c7082f03906f8b310313

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.