Voozh

Vulnerabilities

CVE-2026-46331 Detail

Awaiting Enrichment

This CVE record has been marked for NVD enrichment efforts.

Description

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd. Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead. Guard offset_valid() against INT_MIN, where negation is undefined.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

👁 NIST CVSS score

NIST: NVD

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://access.redhat.com/errata/RHSA-2026:27288	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:27353	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:27354	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:27355	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:27704	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:27705	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:27706	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:27707	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:27708	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:27709	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:27713	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:27731	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:27789	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:29833	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:33219	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:33220	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:33221	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:33222	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:33223	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:33224	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:33225	redhat-SADP
https://access.redhat.com/security/cve/CVE-2026-46331	redhat-SADP
https://bugzilla.redhat.com/show_bug.cgi?id=2479492	redhat-SADP
https://git.kernel.org/stable/c/2bec122b9fb91507a758ab5e3e5c4fbe7cb3f61b	kernel.org
https://git.kernel.org/stable/c/3dee9d0c198faeb95d052c1b94c2958751a28512	kernel.org
https://git.kernel.org/stable/c/899ee91156e57784090c5565e4f31bd7dbffbc5a	kernel.org
https://git.kernel.org/stable/c/b198ed4e52580a7238c7c7082f03906f8b310313	kernel.org
https://github.com/sgkdev/packet_edit_meme/tree/main	CISA-ADP
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46331.json	redhat-SADP

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-190	Integer Overflow or Wraparound	CISA-ADP
CWE-787	Out-of-bounds Write	CISA-ADP redhat-SADP

Change History

9 change records found show changes

CVE Modified by redhat-SADP 6/30/2026 9:18:49 AM

Action

Type

Old Value

New Value

Added

Reference

https://access.redhat.com/errata/RHSA-2026:29833

Changed

Affected

Record truncated, showing 2048 of 6585 characters.
View Entire Change Record

[{"vendor":"Red Hat","product":"NVIDIA for RHEL 10","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux_nvidia:10::el10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise

Record truncated, showing 2048 of 6596 characters.
View Entire Change Record

[{"vendor":"Red Hat","product":"NVIDIA for RHEL 10","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux_nvidia:10::el10"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.21::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Lin

CVE Modified by redhat-SADP 6/29/2026 11:20:20 PM

Action	Type	Old Value
Added	CVSS V3.1	AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Added	CWE	CWE-787
Added	Reference	https://access.redhat.com/errata/RHSA-2026:27288
Added	Reference	https://access.redhat.com/errata/RHSA-2026:27353
Added	Reference	https://access.redhat.com/errata/RHSA-2026:27354
Added	Reference	https://access.redhat.com/errata/RHSA-2026:27355
Added	Reference	https://access.redhat.com/errata/RHSA-2026:27704
Added	Reference	https://access.redhat.com/errata/RHSA-2026:27705
Added	Reference	https://access.redhat.com/errata/RHSA-2026:27706
Added	Reference	https://access.redhat.com/errata/RHSA-2026:27707
Added	Reference	https://access.redhat.com/errata/RHSA-2026:27708
Added	Reference	https://access.redhat.com/errata/RHSA-2026:27709
Added	Reference	https://access.redhat.com/errata/RHSA-2026:27713
Added	Reference	https://access.redhat.com/errata/RHSA-2026:27731
Added	Reference	https://access.redhat.com/errata/RHSA-2026:27789
Added	Reference	https://access.redhat.com/errata/RHSA-2026:33219
Added	Reference	https://access.redhat.com/errata/RHSA-2026:33220
Added	Reference	https://access.redhat.com/errata/RHSA-2026:33221
Added	Reference	https://access.redhat.com/errata/RHSA-2026:33222
Added	Reference	https://access.redhat.com/errata/RHSA-2026:33223
Added	Reference	https://access.redhat.com/errata/RHSA-2026:33224
Added	Reference	https://access.redhat.com/security/cve/CVE-2026-46331
Added	Reference	https://bugzilla.redhat.com/show_bug.cgi?id=2479492
Added	Reference	https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46331.json
Added	Affected	Record truncated, showing 2048 of 6585 characters. View Entire Change Record [{"vendor":"Red Hat","product":"NVIDIA for RHEL 10","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux_nvidia:10::el10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise

CVE Modified by kernel.org 6/19/2026 9:16:36 AM

Action	Type	Old Value	New Value
Added	Reference	https://git.kernel.org/stable/c/2bec122b9fb91507a758ab5e3e5c4fbe7cb3f61b
Added	Reference	https://git.kernel.org/stable/c/3dee9d0c198faeb95d052c1b94c2958751a28512
Added	Reference	https://git.kernel.org/stable/c/b198ed4e52580a7238c7c7082f03906f8b310313
Changed	Affected	[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/net/tc_act/tc_pedit.h","net/sched/act_pedit.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8b796475fd7882663a870456466a4fb315cc1bd6","lessThan":"899ee91156e57784090c5565e4f31bd7dbffbc5a","versionType":"git","status":"affected"},{"version":"d0c38a914b0c4c21d553da801003d36979016726","versionType":"git","status":"affected"},{"version":"2ec2dd7d51a9320151f275ddbb2b53260fb32ca1","versionType":"git","status":"affected"},{"version":"abe35bf3be51482593076d516a680d79e5fbc8e1","versionType":"git","status":"affected"},{"version":"b773640d5bb9e2acfd91e2695717af04d47aa116","versionType":"git","status":"affected"},{"version":"c19cc520b3d69904e9518d401ad0df7f4702aca0","versionType":"git","status":"affected"},{"version":"4.19.244","lessThan":"4.20","versionType":"semver","status":"affected"},{"version":"5.4.195","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"5.10.117","lessThan":"5.11","versionType":"semver","status":"affected"},{"version":"5.15.41","lessThan":"5.16","versionType":"semver","status":"affected"},{"version":"5.17.9","lessThan":"5.18","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/net/tc_act/tc_pedit.h","net/sched/act_pedit.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.18","status":"affected"},{"version":"0","lessThan":"5.18","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]	Record truncated, showing 2048 of 2437 characters. View Entire Change Record [{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/net/tc_act/tc_pedit.h","net/sched/act_pedit.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8b796475fd7882663a870456466a4fb315cc1bd6","lessThan":"2bec122b9fb91507a758ab5e3e5c4fbe7cb3f61b","versionType":"git","status":"affected"},{"version":"8b796475fd7882663a870456466a4fb315cc1bd6","lessThan":"b198ed4e52580a7238c7c7082f03906f8b310313","versionType":"git","status":"affected"},{"version":"8b796475fd7882663a870456466a4fb315cc1bd6","lessThan":"3dee9d0c198faeb95d052c1b94c2958751a28512","versionType":"git","status":"affected"},{"version":"8b796475fd7882663a870456466a4fb315cc1bd6","lessThan":"899ee91156e57784090c5565e4f31bd7dbffbc5a","versionType":"git","status":"affected"},{"version":"d0c38a914b0c4c21d553da801003d36979016726","versionType":"git","status":"affected"},{"version":"2ec2dd7d51a9320151f275ddbb2b53260fb32ca1","versionType":"git","status":"affected"},{"version":"abe35bf3be51482593076d516a680d79e5fbc8e1","versionType":"git","status":"affected"},{"version":"b773640d5bb9e2acfd91e2695717af04d47aa116","versionType":"git","status":"affected"},{"version":"c19cc520b3d69904e9518d401ad0df7f4702aca0","versionType":"git","status":"affected"},{"version":"4.19.244","lessThan":"4.20","versionType":"semver","status":"affected"},{"version":"5.4.195","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"5.10.117","lessThan":"5.11","versionType":"semver","status":"affected"},{"version":"5.15.41","lessThan":"5.16","versionType":"semver","status":"affected"},{"version":"5.17.9","lessThan":"5.18","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/net/tc_act/tc_pedit.h","net/sched/act_pedit.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.18","status":"affected"},{"version":"0","lessThan":"5.18","versionType":"semver","status":"unaffect

Quick Info

CVE Dictionary Entry:
CVE-2026-46331
NVD Published Date:
06/16/2026
NVD Last Modified:
06/30/2026
Source:
kernel.org

URL: https://nvd.nist.gov/vuln/detail/CVE-2026-46331

⇱ NVD - CVE-2026-46331

CVE-2026-46331 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Change History

CVE Modified by redhat-SADP 6/30/2026 9:18:49 AM

CVE Modified by redhat-SADP 6/30/2026 1:19:30 AM

CVE Modified by CISA-ADP 6/30/2026 1:19:30 AM

CVE Modified by redhat-SADP 6/29/2026 11:20:20 PM

CVE Modified by CISA-ADP 6/29/2026 11:16:40 AM

CVE Modified by kernel.org 6/28/2026 4:16:21 AM

CVE Modified by kernel.org 6/19/2026 9:16:36 AM

CVE Modified by kernel.org 6/17/2026 6:53:34 AM

New CVE Received from kernel.org 6/16/2026 4:16:23 AM

Quick Info