Critical Linux Kernel Flaw CVE-2026-46331 (Pedit COW) Enables Unprivileged Users to Gain Root Access via Cache Poisoning
By HackMoN Ai
Summary
A critical Linux kernel vulnerability, CVE-2026-46331 (dubbed "Pedit COW"), has been discovered in the net/sched subsystem's act_pedit component. This local privilege escalation (LPE) flaw allows any unprivileged user to gain full root access by exploiting a partial copy-on-write bug to corrupt the kernel's page cache. The exploit, named packet_edit_meme, can overwrite cached memory of setuid binaries like /bin/su without touching the filesystem. The vulnerability affects multiple Linux distributions including Ubuntu, Debian, Fedora, RHEL, Arch Linux, and SUSE. A proof-of-concept exploit has been released, and while no official patch exists yet, mitigations include disabling the act_pedit kernel module and applying strict access controls.
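The mitigation named above, disabling the act_pedit module, can be audited per host. The shell sketch below is an added example, not code from the original article or from the kernel project; the function names and status words are assumptions, and by default it inspects only /etc/modprobe.d. It counts only an `install` override as blocking, because a bare `blacklist` line stops alias-based autoloading but not a load by module name.

```shell
#!/bin/sh
# Added example: report whether act_pedit can still be used on this host.
# Every path is a parameter so the logic can be run on constructed input.

# 0 if the module appears in a /proc/modules-style listing.
pedit_loaded() {
    grep -Eq '^act_pedit[[:space:]]' "${1:-/proc/modules}" 2>/dev/null
}

# 0 if the module is compiled into the kernel image (cannot be unloaded).
pedit_builtin() {
    grep -Eq '/act_pedit\.ko$' \
        "${1:-/lib/modules/$(uname -r)/modules.builtin}" 2>/dev/null
}

# 0 if a modprobe.d directory replaces the load with /bin/false or /bin/true.
# modprobe treats '-' and '_' in module names as equivalent.
pedit_blocked() {
    grep -Ehq \
        '^[[:space:]]*install[[:space:]]+act[-_]pedit[[:space:]]+(/usr)?/bin/(false|true)' \
        "${1:-/etc/modprobe.d}"/*.conf 2>/dev/null
}

# Print one status word:
#   BUILTIN   module is part of the kernel image; only a fixed kernel helps
#   LOADED    module is live now; unload it (modprobe -r act_pedit), then block
#   BLOCKED   not loaded and an install override prevents loading
#   LOADABLE  not loaded, but nothing prevents it from being loaded on demand
pedit_status() {
    mods=$1; blt=$2; conf=$3
    if pedit_builtin "$blt"; then
        echo "BUILTIN"
    elif pedit_loaded "$mods"; then
        echo "LOADED"
    elif pedit_blocked "$conf"; then
        echo "BLOCKED"
    else
        echo "LOADABLE"
    fi
}

# With no arguments this audits the running host.
pedit_status "$@"
```

A host that reports LOADABLE can be moved to BLOCKED by adding the line `install act_pedit /bin/false` to a file under /etc/modprobe.d, provided no traffic-control rule on that host depends on the pedit action.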
Source
bsky: Critical Linux Kernel Flaw CVE-2026-46331 (Pedit COW) Enables Unprivileged Users to Gain Root Access via Cache Poisoning (undercodetesting.com)
Key quotes
This local privilege escalation (LPE) flaw enables any unprivileged user on a vulnerable system to gain full root access by corrupting the kernel's page cache.
The exploit, named packet_edit_meme, weaponizes a partial copy-on-write (COW) bug in the `net/sched` subsystem's `act_pedit` component, allowing attackers to overwrite the cached memory of a setuid binary like `/bin/su` without ever touching the filesystem.
The vulnerability has been confirmed across multiple distributions, including Ubuntu, Debian, Fedora, RHEL, Arch Linux, and SUSE, with varying degrees of exposure.
As of this writing, no official patch has been released for CVE-2026-46331, leaving administrators in a precarious position.
The most effective immediate mitigation is to disable the `act_pedit` kernel module if it is not required for your networking setup.