All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Critical Linux Kernel Flaw CVE-2026-46331 (Pedit COW) Enables Unprivileged Users to Gain Root Access via Cache Poisoning

By

HackMoN Ai

3h ago· 6 min readenNews

Summary

A critical Linux kernel vulnerability, CVE-2026-46331 (dubbed "Pedit COW"), has been discovered in the net/sched subsystem's act_pedit component. This local privilege escalation (LPE) flaw allows any unprivileged user to gain full root access by exploiting a partial copy-on-write bug to corrupt the kernel's page cache. The exploit, named packet_edit_meme, can overwrite cached memory of setuid binaries like /bin/su without touching the filesystem. The vulnerability affects multiple Linux distributions including Ubuntu, Debian, Fedora, RHEL, Arch Linux, and SUSE. A proof-of-concept exploit has been released, and while no official patch exists yet, mitigations include disabling the act_pedit kernel module and applying strict access controls.

Source

bskyCritical Linux Kernel Flaw CVE-2026-46331 (Pedit COW) Enables Unprivileged Users to Gain Root Access via Cache Poisoningundercodetesting.com

Key quotes

· 5 pulled
This local privilege escalation (LPE) flaw enables any unprivileged user on a vulnerable system to gain full root access by corrupting the kernel's page cache.
The exploit, named packet_edit_meme, weaponizes a partial copy-on-write (COW) bug in the `net/sched` subsystem's `act_pedit` component, allowing attackers to overwrite the cached memory of a setuid binary like `/bin/su` without ever touching the filesystem.
The vulnerability has been confirmed across multiple distributions, including Ubuntu, Debian, Fedora, RHEL, Arch Linux, and SUSE, with varying degrees of exposure.
As of this writing, no official patch has been released for CVE-2026-46331, leaving administrators in a precarious position.
The most effective immediate mitigation is to disable the `act_pedit` kernel module if it is not required for your networking setup.
Snippet from the RSS feed
Critical Linux Kernel Flaw CVE-2026-46331 (Pedit COW) Allows Any Unprivileged User to Gain Root Access via Cache Poisoning + Video - "Undercode Testing":

You might also wanna read

Exploiting CVE-2024-50264: Using Kernel-Hack-Drill to Overcome Linux Kernel Vulnerability Challenges

This technical article details the exploitation of CVE-2024-50264, a challenging Linux kernel vulnerability that won the Pwnie Award 2025 fo

a13xp0p0v.github.io·10mo ago

Copy Fail: Critical Linux Kernel Vulnerability (CVE-2026-31431) Grants Root Access Across Major Distributions

Xint Code disclosed CVE-2026-31431, a critical Linux kernel vulnerability dubbed "Copy Fail." The bug exploits an authencesn scratch-write v

xint.io·2mo ago

CVE-2026-31431 "CopyFail": Linux Local Privilege Escalation Vulnerability Disclosed

A Linux kernel vulnerability (CVE-2026-31431), nicknamed "CopyFail," has been disclosed on the oss-security mailing list. The vulnerability

openwall.com·2mo ago

CVE-2026-31431 "Copy Fail" Linux Kernel LPE Exploit Proof-of-Concept Released

This article presents a proof-of-concept exploit toolkit for CVE-2026-31431 ("Copy Fail"), a Linux kernel vulnerability in the algif_aead/au

GitHub·2mo ago

Copy Fail (CVE-2026-31431): Critical Linux Kernel LPE Vulnerability Affecting All Major Distributions

A critical Linux privilege escalation vulnerability (CVE-2026-31431) dubbed "Copy Fail" has been discovered by researcher Xint Code. The exp

Xint·2mo ago

Copy Fail (CVE-2026-31431): A Linux Kernel Vulnerability Enabling Container Escape to Host Root on Kubernetes

Two weeks ago, the vulnerability Copy Fail (CVE-2026-31431) was disclosed — a dangerous Linux local-privilege escalation vulnerability that

xint.io·1mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.