7.8
CVE-2026-46331
- EPSS 0.32%
- Veröffentlicht 16.06.2026 06:26:21
- Zuletzt bearbeitet 10.07.2026 12:17:04
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
net/sched: fix pedit partial COW leading to page cache corruption
In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd. Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead. Guard offset_valid() against INT_MIN, where negation is undefined.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.19.244 < 4.20
Linux ≫ Linux Kernel Version >= 5.4.195 < 5.5
Linux ≫ Linux Kernel Version >= 5.10.117 < 5.11
Linux ≫ Linux Kernel Version >= 5.15.41 < 5.16
Linux ≫ Linux Kernel Version >= 5.17.9 < 5.18
Linux ≫ Linux Kernel Version >= 5.18.1 < 6.12.94
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.36
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.13
Linux ≫ Linux Kernel Version5.18 Update-
Linux ≫ Linux Kernel Version5.18 Updaterc7
Linux ≫ Linux Kernel Version7.1 Updaterc1
Linux ≫ Linux Kernel Version7.1 Updaterc2
Linux ≫ Linux Kernel Version7.1 Updaterc3
Linux ≫ Linux Kernel Version7.1 Updaterc4
Linux ≫ Linux Kernel Version7.1 Updaterc5
Linux ≫ Linux Kernel Version7.1 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.24 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://git.kernel.org/stable/c/899ee91156e57784090c5565e4f31bd7dbffbc5a
https://git.kernel.org/stable/c/2bec122b9fb91507a758ab5e3e5c4fbe7cb3f61b
https://git.kernel.org/stable/c/3dee9d0c198faeb95d052c1b94c2958751a28512
https://git.kernel.org/stable/c/b198ed4e52580a7238c7c7082f03906f8b310313
https://github.com/sgkdev/packet_edit_meme/tree/main
https://bugzilla.redhat.com/show_bug.cgi?id=2479492
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46331.json
https://git.kernel.org/stable/c/544d857b42a1734b923040e13aa61a6fd4746cf2
https://git.kernel.org/stable/c/a071e057518decc5e3bec89855758f5f8786f2c5
https://git.kernel.org/stable/c/b685d6ef6f07a3b5ce814565a25f39f2157538a5
https://git.kernel.org/stable/c/d5d01d35a5a7d36f7cb679b67d9cbdd5205672dc
https://access.redhat.com/errata/RHSA-2026:28887
https://access.redhat.com/errata/RHSA-2026:28962
https://access.redhat.com/errata/RHSA-2026:27353
https://access.redhat.com/errata/RHSA-2026:27354
https://access.redhat.com/errata/RHSA-2026:27713
https://access.redhat.com/errata/RHSA-2026:29794
https://access.redhat.com/errata/RHSA-2026:27789
https://access.redhat.com/errata/RHSA-2026:27731
https://access.redhat.com/errata/RHSA-2026:27708
https://access.redhat.com/errata/RHSA-2026:33219
https://access.redhat.com/errata/RHSA-2026:33220
https://access.redhat.com/errata/RHSA-2026:33221
https://access.redhat.com/errata/RHSA-2026:33222
https://access.redhat.com/errata/RHSA-2026:33223
https://access.redhat.com/errata/RHSA-2026:33224
https://access.redhat.com/errata/RHSA-2026:33225
https://access.redhat.com/errata/RHSA-2026:27288
https://access.redhat.com/errata/RHSA-2026:27355
https://access.redhat.com/errata/RHSA-2026:27704
https://access.redhat.com/errata/RHSA-2026:27705
https://access.redhat.com/errata/RHSA-2026:27706
https://access.redhat.com/errata/RHSA-2026:27707
https://access.redhat.com/errata/RHSA-2026:27709
https://access.redhat.com/errata/RHSA-2026:29080
https://access.redhat.com/errata/RHSA-2026:29799
https://access.redhat.com/errata/RHSA-2026:29833
https://access.redhat.com/errata/RHSA-2026:29856
https://access.redhat.com/errata/RHSA-2026:29863
https://access.redhat.com/errata/RHSA-2026:33666
https://access.redhat.com/security/cve/CVE-2026-46331
https://access.redhat.com/errata/RHSA-2026:34098
https://access.redhat.com/errata/RHSA-2026:34048