CVE-2026-46331
In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd. Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead. Guard offset_valid() against INT_MIN, where negation is undefined.
Affected versions
Linux kernel versions
4.19.244,
5.4.195,
5.10.117,
5.15.41,
5.17.9,
5.18
and later are affected. Fixed in
7.1
and their respective stable series.
References
1 totalFrequently asked questions
-
What is CVE-2026-46331?
CVE-2026-46331 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.19.244 onward and has been patched in 7.1. CVE-2026-46331 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-46331?
Yes — CVE-2026-46331 has been patched. Fixed versions include 7.1. If you are running Linux kernel 4.19.244 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-46331 actively exploited?
No — CVE-2026-46331 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.