GBHackers

Critical Linux Kernel Flaw Allows Unprivileged Users to Gain Full Root Access


A newly disclosed flaw in the Linux kernel’s traffic-control subsystem, now assigned CVE-2026-46331 and referred to as “Pedit COW,” has been found to grant any unprivileged local user full root access on vulnerable systems.

Within just 24 hours of the CVE being formally assigned on June 16, 2026, a working proof-of-concept exploit dubbed packet_edit_meme surfaced publicly on GitHub, dramatically accelerating the threat window for unpatched systems.

The root cause lives in tcf_pedit_act(), the kernel function responsible for rewriting packet headers on the fly through the act_pedit traffic-control module.

Critical Linux Kernel Vulnerability

The function is designed to follow a Copy-on-Write discipline, producing a private copy of a memory page before modifying it. However, a critical sequencing error causes the writable range to be validated before runtime offsets are fully resolved.

Certain edit keys calculate their final destination only at execution time, meaning the write can land outside the private copy entirely and instead corrupt a shared page-cache page, one that may be backing a cached executable such as /bin/su.

The bug was quietly introduced by commit 899ee91156e5 and has been present across every kernel from v5.18 through v7.1-rc7.

A fix did appear on the netdev mailing list in late May 2026, but it was framed as a routine data-corruption patch with no CVE reference and no security advisory, leaving the window of exposure open far longer than necessary.

Security researchers have drawn immediate comparisons to Dirty Pipe, DirtyClone, and Dirty Frag, a lineage of Linux kernel exploits that each abused a kernel fast path by writing to a page they did not exclusively own.

Pedit COW fits the same mold, but it introduces a distinct and particularly dangerous entry point: unprivileged users can configure traffic-control actions from inside a user namespace, obtaining namespace-local CAP_NET_ADMIN without any system-level privileges whatsoever.

The exploit, packet_edit_meme, puts this to devastating effect. It spawns a user namespace child to acquire CAP_NET_ADMIN, then uses the COW violation to corrupt the in-memory ELF image of /bin/su held in the kernel page cache.

The binary’s entry point is overwritten with shellcode that executes setgid(0); setuid(0); execve("/bin/sh"). When the poisoned binary is triggered, it drops a root shell.

Because the attack operates entirely within memory and never touches the on-disk binary, file-integrity monitoring tools report no anomalies throughout the entire attack chain.

Affected Distributions

Testing conducted in June 2026 confirmed successful exploitation on the following systems:

Distribution        Kernel Version        Result
RHEL 10.0           6.12.0-228.el10       ROOT
Debian 13 Trixie    6.12.90+deb13.1       ROOT
Ubuntu 24.04.4      6.17.0-22             ROOT (AppArmor bypass)
Ubuntu 26.04        7.0.0-14-generic      FAIL

On Ubuntu 24.04.4, AppArmor’s unprivileged namespace restriction is circumvented using aa-exec with permissive container profiles. Ubuntu 26.04 closes that bypass path entirely, though its underlying kernel remains technically vulnerable to the COW primitive itself.

Red Hat has confirmed that RHEL 8, 9, and 10 are affected, along with dependent platforms including Red Hat OpenStack Platform, Red Hat Virtualization, and RHEL CoreOS.

Debian has issued patches for Trixie, while Debian 11 and 12 remain unpatched. Ubuntu has acknowledged all supported releases from 18.04 through 26.04 as vulnerable as of June 25, 2026.

Mitigation

Installing the patched kernel and rebooting is the only complete fix. Administrators should prioritize multi-tenant hosts, Kubernetes nodes, CI/CD runners, and shared build environments, as these carry the highest exploitation risk.

Where immediate patching is not feasible, the act_pedit module can be prevented from loading with the following command (a modprobe install rule only blocks future loads, so if the module is already resident it must also be unloaded with rmmod act_pedit):

echo 'install act_pedit /bin/true' | sudo tee /etc/modprobe.d/disable-act_pedit.conf

Disabling unprivileged user namespaces via user.max_user_namespaces=0 on RHEL or kernel.unprivileged_userns_clone=0 on Debian and Ubuntu also neutralizes the exploit’s entry point, though this will break rootless containers and browser sandboxes.
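The following audit script is an added example, not from the article or from any vendor: it checks whether a host has either of the interim mitigations above in place. The sysctl names and the modprobe.d path are the ones quoted in the article; the function names, the loaded/unloaded convention and the sample rules are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the article: audit a host for the interim
# CVE-2026-46331 mitigations described above. Sysctl names and the
# modprobe.d path are the ones the article quotes; everything else is
# this example's own construction.

# Decide from supplied state whether the act_pedit entry point is closed.
#   $1  "loaded" or "unloaded"   - is act_pedit resident in the kernel?
#   $2  modprobe.d rules, one per line
#   $3  user.max_user_namespaces value
#   $4  kernel.unprivileged_userns_clone value, or "" if that sysctl is absent
# Prints the verdict and returns 0 if mitigated, 1 otherwise.
pedit_mitigated() {
  loaded=$1; rules=$2; max_ns=$3; userns_clone=$4

  # Namespace route: with unprivileged user namespaces off, a local user
  # cannot obtain the namespace-local CAP_NET_ADMIN needed to add tc actions.
  if [ "$max_ns" = "0" ] || [ "$userns_clone" = "0" ]; then
    echo "mitigated: unprivileged user namespaces disabled"
    return 0
  fi

  # Module route: an install rule only blocks future loads; a module that is
  # already resident still exposes tcf_pedit_act() until it is unloaded.
  # (A kernel with act_pedit built in cannot be mitigated this way at all.)
  if printf '%s\n' "$rules" |
     grep -Eq '^[[:space:]]*install[[:space:]]+act_pedit[[:space:]]+/bin/(true|false)'; then
    if [ "$loaded" = "unloaded" ]; then
      echo "mitigated: act_pedit blocked by modprobe rule and not loaded"
      return 0
    fi
    echo "NOT mitigated: install rule present but act_pedit is loaded (rmmod act_pedit)"
    return 1
  fi

  echo "NOT mitigated: act_pedit loadable and unprivileged user namespaces allowed"
  return 1
}

# Gather live state from this host and run the check (Linux only).
live_check() {
  if lsmod 2>/dev/null | grep -q '^act_pedit '; then loaded=loaded; else loaded=unloaded; fi
  rules=$(cat /etc/modprobe.d/*.conf 2>/dev/null)
  max_ns=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null)
  userns_clone=$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null)
  pedit_mitigated "$loaded" "$rules" "$max_ns" "$userns_clone"
}
```

Run live_check on a host to get the verdict; the check does not replace installing the patched kernel, which remains the only complete fix.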

Any host suspected of running the exploit should be treated as fully compromised, regardless of what file-integrity tooling reports, given the attack’s entirely in-memory nature.
