7.8

CVE-2026-46331

Medienbericht

net/sched: fix pedit partial COW leading to page cache corruption

In the Linux kernel, the following vulnerability has been resolved:

net/sched: fix pedit partial COW leading to page cache corruption

tcf_pedit_act() computes the COW range for skb_ensure_writable()
once before the key loop using tcfp_off_max_hint, but the hint does
not account for the runtime header offset added by typed keys. This
can leave part of the write region un-COW'd.

Fix by moving skb_ensure_writable() inside the per-key loop where
the actual write offset is known, and add overflow checking on the
offset arithmetic. For negative offsets (e.g. Ethernet header edits
at ingress), use skb_cow() to COW the headroom instead. Guard
offset_valid() against INT_MIN, where negation is undefined.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19.244 < 4.20
LinuxLinux Kernel Version >= 5.4.195 < 5.5
LinuxLinux Kernel Version >= 5.10.117 < 5.11
LinuxLinux Kernel Version >= 5.15.41 < 5.16
LinuxLinux Kernel Version >= 5.17.9 < 5.18
LinuxLinux Kernel Version >= 5.18.1 < 6.12.94
LinuxLinux Kernel Version >= 6.13 < 6.18.36
LinuxLinux Kernel Version >= 6.19 < 7.0.13
LinuxLinux Kernel Version5.18 Update-
LinuxLinux Kernel Version5.18 Updaterc7
LinuxLinux Kernel Version7.1 Updaterc1
LinuxLinux Kernel Version7.1 Updaterc2
LinuxLinux Kernel Version7.1 Updaterc3
LinuxLinux Kernel Version7.1 Updaterc4
LinuxLinux Kernel Version7.1 Updaterc5
LinuxLinux Kernel Version7.1 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.32% 0.24
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
29.06.2026 16:56
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
26.06.2026 15:22
https://git.kernel.org/stable/c/899ee91156e57784090c5565e4f31bd7dbffbc5a
Patch
https://git.kernel.org/stable/c/2bec122b9fb91507a758ab5e3e5c4fbe7cb3f61b
Patch
https://git.kernel.org/stable/c/3dee9d0c198faeb95d052c1b94c2958751a28512
Patch
https://git.kernel.org/stable/c/b198ed4e52580a7238c7c7082f03906f8b310313
Patch
https://github.com/sgkdev/packet_edit_meme/tree/main
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2479492
Third Party Advisory
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46331.json
Third Party Advisory
https://git.kernel.org/stable/c/544d857b42a1734b923040e13aa61a6fd4746cf2
Patch
https://git.kernel.org/stable/c/a071e057518decc5e3bec89855758f5f8786f2c5
Patch
https://git.kernel.org/stable/c/b685d6ef6f07a3b5ce814565a25f39f2157538a5
Patch
https://git.kernel.org/stable/c/d5d01d35a5a7d36f7cb679b67d9cbdd5205672dc
Patch
https://access.redhat.com/errata/RHSA-2026:28887
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:28962
Issue Tracking
https://access.redhat.com/errata/RHSA-2026:27353
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:27354
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:27713
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:29794
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:27789
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:27731
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:27708
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:33219
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:33220
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:33221
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:33222
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:33223
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:33224
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:33225
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:27288
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:27355
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:27704
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:27705
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:27706
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:27707
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:27709
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:29080
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:29799
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:29833
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:29856
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:29863
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:33666
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2026-46331
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:34098
https://access.redhat.com/errata/RHSA-2026:34048