In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd. Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead. Guard offset_valid() against INT_MIN, where negation is undefined.
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46331.json
https://github.com/sgkdev/packet_edit_meme/tree/main
https://git.kernel.org/stable/c/d5d01d35a5a7d36f7cb679b67d9cbdd5205672dc
https://git.kernel.org/stable/c/b685d6ef6f07a3b5ce814565a25f39f2157538a5
https://git.kernel.org/stable/c/b198ed4e52580a7238c7c7082f03906f8b310313
https://git.kernel.org/stable/c/a071e057518decc5e3bec89855758f5f8786f2c5
https://git.kernel.org/stable/c/899ee91156e57784090c5565e4f31bd7dbffbc5a
https://git.kernel.org/stable/c/544d857b42a1734b923040e13aa61a6fd4746cf2
https://git.kernel.org/stable/c/3dee9d0c198faeb95d052c1b94c2958751a28512
https://git.kernel.org/stable/c/2bec122b9fb91507a758ab5e3e5c4fbe7cb3f61b
https://bugzilla.redhat.com/show_bug.cgi?id=2479492
https://access.redhat.com/security/cve/CVE-2026-46331
https://access.redhat.com/errata/RHSA-2026:33666
https://access.redhat.com/errata/RHSA-2026:33225
https://access.redhat.com/errata/RHSA-2026:33224
https://access.redhat.com/errata/RHSA-2026:33223
https://access.redhat.com/errata/RHSA-2026:33222
https://access.redhat.com/errata/RHSA-2026:33221
https://access.redhat.com/errata/RHSA-2026:33220
https://access.redhat.com/errata/RHSA-2026:33219
https://access.redhat.com/errata/RHSA-2026:29863
https://access.redhat.com/errata/RHSA-2026:29856
https://access.redhat.com/errata/RHSA-2026:29833
https://access.redhat.com/errata/RHSA-2026:29799
https://access.redhat.com/errata/RHSA-2026:29794
https://access.redhat.com/errata/RHSA-2026:29080
https://access.redhat.com/errata/RHSA-2026:28887
https://access.redhat.com/errata/RHSA-2026:27789
https://access.redhat.com/errata/RHSA-2026:27731
https://access.redhat.com/errata/RHSA-2026:27713
https://access.redhat.com/errata/RHSA-2026:27709
https://access.redhat.com/errata/RHSA-2026:27708
https://access.redhat.com/errata/RHSA-2026:27707
https://access.redhat.com/errata/RHSA-2026:27706
https://access.redhat.com/errata/RHSA-2026:27705
https://access.redhat.com/errata/RHSA-2026:27704
https://access.redhat.com/errata/RHSA-2026:27355
https://access.redhat.com/errata/RHSA-2026:27354
Published: 2026-06-16
Updated: 2026-07-04
Named Vulnerability: pedit COW
Base Score: 6.8
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
Severity: Medium
Base Score: 6.7
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: Medium
EPSS: 0.0014
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability Being Monitored