PatchSiren cyber security CVE debrief
CVE-2026-46331 Linux CVE debrief
A vulnerability was found in the Linux kernel, specifically in the net/sched component. The issue is related to the pedit partial COW leading to page cache corruption. The tcf_pedit_act() function computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint. However, the hint does not account for the runtime header offset added by typed keys, which can leave part of the write region un-COW'd. The fix involves moving skb_ensure_writable() inside the per-key loop where the actual write offset is known and adding overflow checking on the offset arithmetic.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-16
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-16
Who should care
Linux kernel users and administrators
Technical summary
The vulnerability is caused by an incorrect COW range computation in tcf_pedit_act(). The function computes the COW range for skb_ensure_writable() once, before the key loop, from tcfp_off_max_hint. That hint does not account for the runtime header offset added by typed keys, so part of the region that is written can remain un-COW'd. This can lead to page cache corruption.
Defensive priority
High
Recommended defensive actions
- Apply the patch from the Linux kernel repository: [ref-4](https://git.kernel.org/stable/c/899ee91156e57784090c5565e4f31bd7dbffbc5a)
- Check for updates and patches from the Linux kernel community
Evidence notes
The vulnerability was resolved by moving skb_ensure_writable() inside the per-key loop and adding overflow checking on the offset arithmetic.
Official resources
- CVE-2026-46331 CVE record (CVE.org)
- CVE-2026-46331 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (public)