A weaponized proof-of-concept exploit for CVE-2026-46331 — dubbed “Pedit COW” — has been publicly available since June 17, turning a missing bounds check in the Linux kernel’s traffic-control subsystem into a turnkey local-to-root escalation. As of June 25, Ubuntu has not shipped a patched kernel for any supported release from 18.04 through 26.04, leaving a large footprint of cloud instances, container hosts, and Kubernetes nodes exposed.
Root Cause
The flaw lives in act_pedit, the packet-editing action that Linux traffic control (tc) uses to rewrite header bytes on in-flight packets. The function tcf_pedit_act() computes the copy-on-write (COW) range for skb_ensure_writable() once before iterating over edit keys, using tcfp_off_max_hint. That hint does not account for the runtime header offset introduced by typed keys, so the actual write location for a given key can extend beyond the region that was made writable — landing in a shared page-cache page that was never privatized. This is a partial COW violation: the kernel silently scribbles into a page it never made private, corrupting cached file data that other processes see as authoritative.
The bug was introduced in kernel commit 899ee91156e5 and spans Linux v5.18 through v7.1-rc6. The upstream fix landed in v7.1-rc7; kernel.org assigned CVE-2026-46331 at merge time on June 16, 2026.
The Exploit Chain
The weaponized PoC, packet_edit_meme, is author-verified and works against unpatched enterprise kernels. The attack sequence:
- Obtain CAP_NET_ADMIN in a user namespace. Spawning an unprivileged user-namespace child is permitted by default on Ubuntu, Fedora, Debian 13, and most container runtimes. This is a standard capability-escalation step that does not require any prior kernel bug.
- Corrupt /bin/su in the page cache. Using the act_pedit COW primitive, overwrite the in-memory ELF entry point of the setuid-root /bin/su binary while the shared page remains mapped host-wide.
- Inject shellcode. The injected payload is minimal: setgid(0) → setuid(0) → execve("/bin/sh").
- Trigger the poisoned image. Call /bin/su from the initial (host) namespace. The kernel executes the attacker’s shellcode from the poisoned page-cache frame, dropping a root shell.
The chain requires no kernel symbol leaks, no KASLR bypass, and no additional SUID binary abuse. It is robust across common hardened kernel configurations that do not explicitly block act_pedit or restrict unprivileged user namespaces.
Affected Versions and Patch Status
Linux kernel: v5.18–v7.1-rc6 are vulnerable. Fixed upstream in v7.1-rc7.
| Distribution | Status |
|---|---|
| RHEL 8 / 9 / 10 | Patched — apply errata (RHSB-2026-008) |
| AlmaLinux 8 | Patched |
| Fedora 40 / 41 | Patched via kernel-7.1.0-0.rc7 update |
| Debian 13 (Trixie) | Patched |
| Debian 11 (Bullseye) / 12 (Bookworm) | Vulnerable — no patch yet |
| Ubuntu 18.04 – 26.04 LTS | Vulnerable — no USN as of June 25, 2026 |
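A quick way to triage a fleet against the upstream range above is to compare each host's kernel release string with v5.18 and v7.1-rc6. The script below is an added example, not part of the advisory; it assumes the standard "MAJOR.MINOR[.PATCH][-rcN][-suffix]" release format and deliberately ignores the patch level. Distribution kernels backport fixes without bumping the version (RHEL, Fedora and Debian 13 above are patched on kernels that still sit inside this range), so a hit means "check vendor errata", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example (not from the advisory): classify a kernel release string
# against the upstream affected window v5.18 .. v7.1-rc6 (fixed in v7.1-rc7).
# A match is a prompt to check the vendor's patch status, not proof of exposure.

# Convert "vMAJOR.MINOR[.PATCH][-rcN][-rest]" into a sortable integer.
# Release candidates sort before the final release of the same MAJOR.MINOR,
# and the patch level is intentionally ignored.
kver_key() {
  ver=${1#v}                      # tolerate a leading "v"
  major=${ver%%.*}
  rest=${ver#*.}
  minor=${rest%%[!0-9]*}
  rc=99                           # final release: sorts after any -rcN
  case "$ver" in
    *-rc*) rc=${ver##*-rc}; rc=${rc%%[!0-9]*} ;;
  esac
  echo $(( major * 1000000 + minor * 1000 + rc ))
}

# Returns 0 if the version lies inside the affected window, 1 otherwise.
kernel_in_affected_range() {
  key=$(kver_key "$1")
  lo=$(kver_key 5.18)             # first affected release: v5.18
  hi=$(kver_key 7.1-rc6)          # last affected release: v7.1-rc6
  [ "$key" -ge "$lo" ] && [ "$key" -le "$hi" ]
}

# Convenience wrapper for the host the script runs on.
check_running_kernel() {
  running=$(uname -r)
  if kernel_in_affected_range "$running"; then
    echo "$running: inside upstream affected range; confirm vendor patch status"
  else
    echo "$running: outside upstream affected range"
  fi
}
```

Run `check_running_kernel` on each host (or feed `uname -r` output collected by your inventory tool into `kernel_in_affected_range`) and cross-check every hit against the distribution table rather than trusting the version alone.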
Impact
Any system where unprivileged user namespaces are enabled by default — Ubuntu, Fedora, and most container runtimes — and a local unprivileged user can run processes is fully exploitable. In Kubernetes environments, a compromised pod running without a hardened securityContext (no seccompProfile, no allowPrivilegeEscalation: false) can use this technique to escalate to node-root, then pivot to cluster secrets via /proc/<kubelet-pid>/fd or the kubelet credential store at /var/lib/kubelet/pki/.
Cloud images derived from Ubuntu AMIs, GCP compute images, or Ubuntu-based container base images are exposed until Ubuntu ships its fix and workloads are rebooted.
Mitigation
Apply vendor patches where available and reboot. For systems still awaiting fixes:
Block act_pedit module loading on hosts that don’t use tc pedit rules (the common case):
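One way to do this, as an added example rather than the advisory's own snippet: a modprobe drop-in that turns a load attempt into /bin/false, plus a check that the module is not already resident. The config file name and the MODPROBE_DIR override are assumptions of this example. Two caveats a practitioner should confirm first: an "install" override only stops future loads, so an act_pedit that is already loaded has to be unloaded, and if the kernel was built with CONFIG_NET_ACT_PEDIT=y (built in rather than a module) modprobe rules have no effect at all.

```shell
#!/bin/sh
# Added example, not from the advisory: block act_pedit from loading on hosts
# that have no tc pedit rules. MODPROBE_DIR is overridable so the function can
# be dry-run against a scratch directory before it is pointed at /etc.
MODPROBE_DIR=${MODPROBE_DIR:-/etc/modprobe.d}
CONF_NAME=act_pedit-cve-2026-46331.conf   # file name chosen for this example

# "install act_pedit /bin/false" makes modprobe run /bin/false instead of the
# module, which also covers an explicit `modprobe act_pedit`; a "blacklist"
# line on its own only suppresses alias-based autoloading.
block_act_pedit_module() {
  printf '%s\n' \
    '# CVE-2026-46331 interim mitigation: this host does not use tc pedit actions' \
    'install act_pedit /bin/false' \
    'blacklist act_pedit' > "$MODPROBE_DIR/$CONF_NAME"
}

# Returns 0 when the install override is present in the written config.
act_pedit_blocked_in_config() {
  grep -qx 'install act_pedit /bin/false' "$MODPROBE_DIR/$CONF_NAME"
}

# Live checks for a real host. Built-in modules never appear in lsmod, so the
# kernel config is consulted first; the override cannot help in that case.
act_pedit_live_status() {
  cfg=/boot/config-$(uname -r)
  if [ -r "$cfg" ] && grep -qx 'CONFIG_NET_ACT_PEDIT=y' "$cfg"; then
    echo "act_pedit is built into this kernel; modprobe rules do not apply, patch the kernel"
    return 2
  fi
  if lsmod | grep -q '^act_pedit '; then
    echo "act_pedit is loaded; confirm no pedit actions in 'tc filter show', then: rmmod act_pedit"
    return 1
  fi
  echo "act_pedit not loaded"
}
```

Typical use on a host: `block_act_pedit_module` as root, then `act_pedit_live_status` to confirm the module is neither built in nor currently loaded.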
Restrict unprivileged user namespaces where container runtimes and browser sandboxes permit it:
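The sysctl side, again as an added example and not the advisory's own snippet. It writes a sysctl.d drop-in and checks both the file and the live value. kernel.unprivileged_userns_clone is a Debian/Ubuntu-specific knob (the relevant one for the Ubuntu footprint discussed here); on kernels without it the upstream setting is user.max_user_namespaces=0, which also stops root from creating user namespaces. The file name and the SYSCTL_DIR override are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory: disable unprivileged user-namespace
# creation through a sysctl drop-in and verify it. SYSCTL_DIR is overridable
# for a dry run against a scratch directory.
SYSCTL_DIR=${SYSCTL_DIR:-/etc/sysctl.d}
CONF_NAME=99-cve-2026-46331-userns.conf   # file name chosen for this example

# kernel.unprivileged_userns_clone exists on Debian/Ubuntu kernels only.
# Elsewhere use user.max_user_namespaces = 0 (upstream), noting that it also
# prevents root from creating user namespaces.
write_userns_sysctl() {
  printf '%s\n' \
    '# CVE-2026-46331 interim mitigation.' \
    '# Breaks rootless Podman/Docker and Chromium/Firefox sandboxes; test before rollout.' \
    'kernel.unprivileged_userns_clone = 0' > "$SYSCTL_DIR/$CONF_NAME"
}

# Extract the value a drop-in assigns to a key (last assignment wins, as sysctl does).
sysctl_value_in_file() {
  key=$1; file=$2
  sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$file" | tail -n 1
}

userns_restricted_in_config() {
  [ "$(sysctl_value_in_file kernel.unprivileged_userns_clone "$SYSCTL_DIR/$CONF_NAME")" = 0 ]
}

# Live check: drop-ins take effect at boot or after `sysctl --system`.
userns_live_status() {
  v=$(sysctl -n kernel.unprivileged_userns_clone 2>/dev/null) || {
    echo "kernel.unprivileged_userns_clone is not available on this kernel"; return 2; }
  if [ "$v" = 0 ]; then
    echo "unprivileged user namespaces disabled"
    return 0
  fi
  echo "unprivileged user namespaces still enabled (value $v); run: sysctl --system"
  return 1
}
```

After `write_userns_sysctl`, run `sysctl --system` and then `userns_live_status`; a return code of 2 means the Debian/Ubuntu knob does not exist on that kernel and the upstream setting has to be used instead.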
Note: disabling unprivileged user namespaces breaks rootless container runtimes (Podman, rootless Docker) and Chromium/Firefox sandboxing. Test carefully before applying in production.
Kubernetes node hardening: Add a seccompProfile (RuntimeDefault or Localhost) and set allowPrivilegeEscalation: false in pod specs. Ensure node OS images are patched before pulling kubelet credentials.
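A pod manifest carrying the two settings above, together with a crude audit that flags manifests missing either of them. This is an added example, not a manifest from the advisory; the pod name and image are constructed placeholders. The audit is a plain text check on single-container manifests and is meant for a quick sweep of a repository; in a live cluster, enforce these fields with an admission policy rather than grep.

```shell
#!/bin/sh
# Added example, not from the advisory: a hardened pod securityContext with a
# RuntimeDefault seccomp profile and allowPrivilegeEscalation: false, plus a
# text-based audit for manifests that lack them.

# Write a constructed sample manifest to the given path.
write_hardened_pod_manifest() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: hardened-example          # constructed sample name
spec:
  securityContext:
    seccompProfile:
      type: RuntimeDefault        # or Localhost with a vetted profile
  containers:
    - name: app
      image: example.invalid/app:1.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false
EOF
}

# Returns 0 when both settings are present, 1 (with reasons printed) otherwise.
audit_pod_manifest() {
  manifest=$1
  ok=0
  if ! grep -Eq 'type:[[:space:]]*(RuntimeDefault|Localhost)' "$manifest"; then
    echo "$manifest: no seccompProfile of type RuntimeDefault or Localhost"
    ok=1
  fi
  if ! grep -Eq 'allowPrivilegeEscalation:[[:space:]]*false' "$manifest"; then
    echo "$manifest: allowPrivilegeEscalation is not set to false"
    ok=1
  fi
  return $ok
}

# Sweep every YAML file under a directory and report the ones that fail.
audit_manifest_dir() {
  failures=0
  for f in "$1"/*.yaml "$1"/*.yml; do
    [ -f "$f" ] || continue
    audit_pod_manifest "$f" || failures=$((failures + 1))
  done
  echo "$failures manifest(s) missing hardening settings"
  [ "$failures" -eq 0 ]
}
```

`audit_manifest_dir ./manifests` gives a non-zero exit when any file in the directory lacks either setting, which is convenient as a CI gate while nodes are still awaiting patched kernels.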
Track Ubuntu’s fix at ubuntu.com/security/CVE-2026-46331.