Tag

Cve 2026 46331

All articles tagged with #cve 2026 46331

Linux kernel pedit COW flaw lets local users gain root by poisoning in-memory binaries
technology14 days ago

Linux kernel pedit COW flaw lets local users gain root by poisoning in-memory binaries

A Linux kernel flaw in the traffic-control pedit action (CVE-2026-46331, 'pedit COW') lets a local unprivileged user corrupt the in-memory page cache and inject a root payload into a cached setuid binary, yielding root access without touching disk. The exploit requires unprivileged user namespaces with CAP_NET_ADMIN and has been demonstrated on RHEL 10 and Debian 13; Ubuntu variants show mixed susceptibility due to AppArmor defaults. Patches have been released by vendors; recommended actions are patching and rebooting, or mitigating by disabling the act_pedit module or turning off unprivileged user namespaces. Because the overwrite hits memory, file-integrity scans may miss it, and a compromised host should be treated as such.