CVE Tools
Back to feed
The Hacker News ·EN News source

New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries

By The Hacker News··3 min read
CVE Tools coverage

A Linux kernel vulnerability in the traffic-control packet-editing action (act_pedit), tracked as CVE-2026-46331 (“pedit COW”), can allow an unprivileged local user to gain root. The issue is an out-of-bounds write that corrupts shared page-cache content, enabling an attacker to poison the in-memory copy of /bin/su without touching the disk, bypassing file integrity checks after exploitation. Public working exploits appeared shortly after the CVE was assigned, and Red Hat, Debian, and Ubuntu kernels are affected (per their advisories), making timely patching and mitigation important for multi-tenant and containerized environments.