CVE-2026-46331

Enriched by CISA

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd. Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead. Guard offset_valid() against INT_MIN, where negation is undefined.
https://nvd.nist.gov/vuln/detail/CVE-2026-46331

References

416baaa9-dc9f-4396-8d5f-8c081fb06d67

https://git.kernel.org/stable/c/2bec122b9fb91507a758ab5e3e5c4fbe7cb3f61b
https://git.kernel.org/stable/c/3dee9d0c198faeb95d052c1b94c2958751a28512
https://git.kernel.org/stable/c/899ee91156e57784090c5565e4f31bd7dbffbc5a
https://git.kernel.org/stable/c/b198ed4e52580a7238c7c7082f03906f8b310313

AFFECTED (from MITRE)

Vendor	Product	Versions
Linux	Linux	8b796475fd7882663a870456466a4fb315cc1bd6 < 2bec122b9fb91507a758ab5e3e5c4fbe7cb3f61b [affected] 8b796475fd7882663a870456466a4fb315cc1bd6 < b198ed4e52580a7238c7c7082f03906f8b310313 [affected] 8b796475fd7882663a870456466a4fb315cc1bd6 < 3dee9d0c198faeb95d052c1b94c2958751a28512 [affected] 8b796475fd7882663a870456466a4fb315cc1bd6 < 899ee91156e57784090c5565e4f31bd7dbffbc5a [affected] d0c38a914b0c4c21d553da801003d36979016726 [affected] 2ec2dd7d51a9320151f275ddbb2b53260fb32ca1 [affected] abe35bf3be51482593076d516a680d79e5fbc8e1 [affected] b773640d5bb9e2acfd91e2695717af04d47aa116 [affected] c19cc520b3d69904e9518d401ad0df7f4702aca0 [affected] 4.19.244 < 4.20 [affected] 5.4.195 < 5.5 [affected] 5.10.117 < 5.11 [affected] 5.15.41 < 5.16 [affected] 5.17.9 < 5.18 [affected]
Linux	Linux	5.18 [affected] < 5.18 [unaffected] 6.12.94 ≤ 6.12.* [unaffected] 6.18.36 ≤ 6.18.* [unaffected] 7.0.13 ≤ 7.0.* [unaffected] 7.1 ≤ * [unaffected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe	start	end
Configuration 1
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.18	< 6.12.94
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.18	< 6.18.36
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.18	< 7.0.13
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.18	< 7.1
cpe:2.3:o:linux:linux_kernel::::::::	>= 4.19.244
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.4.195
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.10.117
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.15.41
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.17.9

REMEDIATION

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer

Soutenez No Hack Me sur Tipeee