BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Linux ‘Pedit COW’ Flaw Lets Local Users Gain Root

Linux kernel flaw CVE-2026-46331 grants local root via packet-editing exploit.

  • A new Linux kernel vulnerability, CVE-2026-46331, allows local, unprivileged users to gain full root access on affected systems.
  • The flaw is in the packet-editing action (act_pedit) of the kernel’s traffic-control subsystem and has been nicknamed “pedit COW”.
  • A working, public exploit appeared within a day of the CVE assignment on June 16, 2026.
  • Systems are vulnerable if two conditions are met: the act_pedit module is loadable and unprivileged user namespaces are enabled.
  • Patches are available from vendors, but temporary mitigation involves disabling the module or unprivileged user namespaces.

A critical vulnerability discovered in the Linux kernel’s traffic-control subsystem in June 2026 enables a local attacker to gain root privileges, according to a report by Swati Khandelwal. Designated CVE-2026-46331, this flaw corrupts shared page-cache memory via an out-of-bounds write in the packet-editing function.

- Advertisement -

Consequently, a public exploit can poison the cached copy of a setuid binary like `/bin/su` in memory. This process injects a payload and runs the altered image with root access without touching the disk.

The exploit requires two specific conditions to be present on a target system. First, the `act_pedit` kernel module must be loadable, and second, unprivileged user namespaces must be open to grant the necessary `CAP_NET_ADMIN` capability.

Meanwhile, tested systems like RHEL and Debian met both conditions by default. Ubuntu presented more varied scenarios, with Ubuntu 26.04 blocking a key path via its default AppArmor profiles.

Vendors have issued split advisories regarding patches for affected systems. For instance, Debian has fixed its trixie release, while Ubuntu lists many supported versions as still vulnerable.

- Advertisement -

System administrators are urged to install the patched kernel and reboot immediately. This is especially critical for multi-tenant hosts, CI/CD runners, and shared lab machines where local users may not be trusted.

If patching is not immediately possible, two mitigations can disrupt the exploit chain. One method is to block the `act_pedit` module from loading entirely within the system configuration.

The alternative is to disable unprivileged user namespaces via kernel parameters, though this may break functionality for rootless containers and sandboxed applications. A fix was posted to the netdev mailing list in late May as a routine patch before its security implications were widely understood.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

CISA Adds Critical Microsoft SharePoint Flaw CVE-2026-58644 to KEV Catalog

CISA added a critical Microsoft SharePoint Server vulnerability, CVE-2026-58644, to its Known Exploited Vulnerabilities...

Bitcoin Bears Strike Again: BTC Rejected at $64k

Bitcoin (BTC) faced another rejection at the $64,000 resistance level, falling 1.7% in the...

Black: SpaceX acquiring Tesla would dilute shareholders 25%

Gary Black rejected speculation that SpaceX could acquire Tesla, warning such a deal could...

Bybit launches Indonesia platform after acquiring NOBI

Bybit launched a locally operated platform in Indonesia after acquiring a majority stake in...

Bitcoin Futures Liquidity Drives Price Action Near Key $64K Level

Bitcoin's short-term price action is increasingly driven by futures market activity, with prices gravitating...

Must Read

What is Moon Tropica (CAH) – Technology, Tokenomics, Game Preview

Gaming enthusiasts and crypto enthusiasts, hHave you heard about Moon Tropica? If you're longing for that nostalgic feel of classic games from your childhood...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading