CVE-2026-46331

UNKNOWN 0.0

net/sched: fix pedit partial COW leading to page cache corruption

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd. Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead. Guard offset_valid() against INT_MIN, where negation is undefined.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jun 16, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

8b796475fd7882663a870456466a4fb315cc1bd6 < 899ee91156e57784090c5565e4f31bd7dbffbc5a d0c38a914b0c4c21d553da801003d36979016726 2ec2dd7d51a9320151f275ddbb2b53260fb32ca1 abe35bf3be51482593076d516a680d79e5fbc8e1 b773640d5bb9e2acfd91e2695717af04d47aa116 c19cc520b3d69904e9518d401ad0df7f4702aca0 4.19.244 < 4.20 5.4.195 < 5.5 5.10.117 < 5.11 5.15.41 < 5.16 5.17.9 < 5.18

Linux / Linux

5.18

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/899ee91156e57784090c5565e4f31bd7dbffbc5a