In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd. Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead. Guard offset_valid() against INT_MIN, where negation is undefined.
[POC] CVE-2026-46331 — packet_edit_meme
PACKET_EDIT_MEME.c (aka CVE-2026-46331): yet another page cache poisoning nightmare
[POC] MAL-2026-2307 — CVE-2026-46331
CVE-2026-46331
[POC] MAL-2026-2307 — CVE-2026-46331
CVE-2026-46331 - Draft
[POC] MAL-2026-2307 — cve-2026-46331-audit
cve-2026-46331-audit script
[POC] MAL-2026-2307 — CVE-2026-46331
Chequeo y Fix de la vulnerabilidad "pedit COW"
[POC] GHSA-2j8v-hwgc-x698 — CVE-2026-46331
pedit COW
[POC] CVE-2026-46331 — cve-2026-46331-pedit-cow-auditd-detection
Defensive validation of CVE-2026-46331 / pedit COW with auditd, AppArmor, mitigation comparison and detection logic.
PoC: dirtyclone-exploit
CVE-2026-46331 — Linux Kernel Local Privilege Escalation TC pedit + IPsec TEE Page Cache Corruption · Affected kernels: ≤ 6.12.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free