
Linux kernel act_pedit out-of-bounds write security flaw (CVE-2026-46331)

Vulnerability
H score 30
1 unique source, 1 article

Summary


A Linux kernel traffic-control flaw, CVE-2026-46331, lets a local unprivileged user gain root by abusing an out-of-bounds write in act_pedit. A public working exploit appeared within a day of assignment and was shown corrupting a cached /bin/su image in memory without touching the file on disk. Vendors list affected releases across RHEL, Debian, and Ubuntu, and patched kernels or mitigations are available.

Related Happenings

Linux kernel Dirty Frag local root escalation privilege-escalation flaw

Vulnerability
H score 30 · First: 08.05.2026 10:45 · Last: 08.05.2026 10:45 · Sources: 1

About this happening: **Dirty Frag** is a newly disclosed **Linux kernel** zero-day that can give **local attackers root privileges** on **most major Linux distributions**. The flaw is anchored in the...

Linux kernel Dirty Frag blocklist mitigation

Advisory/Mitigation
H score 41 · First: 08.05.2026 08:12 · Last: 08.05.2026 08:12 · Sources: 1

About this happening: **CloudLinux** and Linux distribution advisories now recommend blocklisting **esp4**, **esp6**, and **rxrpc** to reduce exposure to the **Dirty Frag** Linux kernel **LPE** while pa...

CISA KEV action for CVE-2026-31431 and FCEB remediation

Public Sector Action
H score 37 · First: 03.05.2026 09:26 · Last: 03.05.2026 09:26 · Sources: 1

About this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...

Linux distributions mitigation advisories for CVE-2026-31431

Advisory/Mitigation
H score 39 · First: 30.04.2026 12:24 · Last: 30.04.2026 12:24 · Sources: 1

About this happening: Multiple **Linux distributions** released advisories for **CVE-2026-31431**, adding mitigation guidance for a **Linux kernel local privilege escalation** that can let an unprivile...

AppArmor CrackArmor mitigation guidance

Advisory/Mitigation
H score 77 · First: 16.03.2026 16:00 · Last: 16.03.2026 16:00 · Sources: 1

About this happening: **Qualys** issued urgent mitigation guidance for **CrackArmor**, telling organizations to update **Linux kernel** packages immediately to reduce risk from the **AppArmor** flaws....

Timeline

  1. 26.06.2026 16:00 · 1 article

    CVE-2026-46331 is assigned for the act_pedit out-of-bounds write

    Initial Disclosure

    Linux kernel CVE-2026-46331, nicknamed pedit COW, is assigned on June 16, 2026 for an out-of-bounds write in act_pedit that corrupts shared page-cache memory, and the fix is merged the same day; Red Hat rates the flaw as important.

  2. 26.06.2026 16:00 · 1 article

    Public exploit gains root by poisoning a cached /bin/su image

    Exploitation Observed

    A public working exploit appears within a day of the June 16, 2026 CVE assignment and lets a local unprivileged user gain root by poisoning the cached copy of /bin/su in memory without touching the file on disk; the tested RHEL 10 and Debian 13 targets had act_pedit loadable and unprivileged user namespaces enabled.

  3. 26.06.2026 16:00 · 2 articles

    Ubuntu and Debian list Linux kernel releases as vulnerable to CVE-2026-46331

    Campaign Scope Update

    As of June 25, 2026, Ubuntu lists supported releases from 18.04 through 26.04 as vulnerable, Debian has fixed trixie through its security channel while Debian 11 and 12 remain listed as vulnerable, and Red Hat lists RHEL 8, 9, and 10 as affected.
