New Linux pedit for COW Exploit Allows Root Access by Poisoning Cache Binaries

A flaw in the Linux kernel’s traffic control subsystem could allow an unprivileged local user to gain root on affected systems.
CVE-2026-46331, named “A COW,” is an out-of-bounds write in the packet edit action (act_pedit) that corrupts shared page cache memory. A public, working exploit appeared within a day of the CVE assignment on June 16. Red Hat rates the bug as critical.
The exploit never touches the file on disk. It poisons the cached in-memory copy of a setuid-root binary (/bin/su), injects a small payload, and runs that modified image as root. A file integrity check comes back clean even while the root shell is already open.
The exploit requires two things: act_pedit must be loaded, and unprivileged user namespaces must be enabled, which gives the attacker the namespace-local network capability (CAP_NET_ADMIN) needed to reach the bug.
On the tested RHEL and Debian targets, both conditions were present.
How the Bug Works
The tc traffic control tool for Linux can also rewrite packet headers on the fly using an action called pedit. The kernel function that does this, tcf_pedit_act(), must make a private copy of the data before editing it, the usual copy-on-write pattern.
It checks the writable range once, before the final write offsets are known. Some keys only resolve their offset at runtime. When that happens, the write lands outside the privately copied region, so the kernel modifies the shared page cache instead of the private copy. If that page belongs to a cached file, the in-memory image of the file is corrupted.
The pattern is familiar. Dirty Pipe, Copy Fail, DirtyClone, and Dirty Frag all share the same situation: the kernel’s fast path writes to a page that doesn’t belong to it, and the page cache takes a hit.
What’s new here is the entry point. An unprivileged user can configure tc actions inside a user namespace, which gives them the CAP_NET_ADMIN required for the exploit.
Affected Systems
The PoC author reported an unprivileged-to-root exploit on RHEL 10 and Debian 13 (trixie), where unprivileged user namespaces are enabled by default. Ubuntu 24.04 required routing through AppArmor profiles that still allow user namespaces. Ubuntu 26.04 blocks that method by default because its AppArmor profiles restrict namespaces for unprivileged users, although the underlying kernel remains vulnerable.
Fixes vary by vendor.
- Debian fixed trixie through its security channel. Debian 11 and 12 are still listed as vulnerable.
- Ubuntu lists supported releases from 18.04 to 26.04 as vulnerable as of June 25.
- Red Hat lists RHEL 8, 9, and 10 as affected; RHEL 7 is not included in the list of issues.
What to do
Install the patched kernel and reboot. Prioritize systems where “local user” does not mean a trusted user: multi-tenant hosts, CI/CD runners, Kubernetes environments, build workers, and shared research or lab machines.
If you can’t patch yet, removing either of the two prerequisites breaks the exploit chain. For systems that don’t need tc pedit rules, check whether the module is loaded (lsmod | grep act_pedit), and prevent it from loading:
echo 'install act_pedit /bin/true' | sudo tee /etc/modprobe.d/disable-act_pedit.conf
Alternatively, disable namespaces for unprivileged users (user.max_user_namespaces=0 on RHEL, kernel.unprivileged_userns_clone=0 on Debian/Ubuntu). That removes the namespace-local capability needed for the exploit, but breaks rootless containers, CI sandboxes, and sandboxed browsers. Test first.
Because the exploit overwrites page cache memory, file integrity checks may not catch it. Dropping the page cache (echo 3 > /proc/sys/vm/drop_caches) clears the poisoned in-memory copy, but does nothing about a root shell the attacker has already opened. Treat the host as compromised.
A fix hit the netdev mailing list in late May, framed as a data corruption patch. The exploitable information sat on the public mailing list for weeks. No CVE, no security advisory. The CVE was assigned when the fix was merged on June 16. A weaponized proof of concept followed within a day. With kernel page cache corruption bugs, waiting for a scanner rule is too slow.
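To audit a host against the two prerequisites above, the following added example (not from the article or any vendor) reports whether act_pedit is loaded or blocked and whether the two sysctls leave unprivileged user namespaces open. The function names and verdict strings are hypothetical; the paths are parameters so the checks can also be run against saved copies of the files.

```shell
#!/bin/sh
# Added example (not from the article): report whether both exploit
# prerequisites are present. Paths are arguments so fixtures can be used.
# Limits: a built-in act_pedit never shows in /proc/modules, and AppArmor
# namespace restrictions are not evaluated.

# 0 if act_pedit is listed in a /proc/modules-format file
pedit_loaded() {
    grep -qs '^act_pedit ' "${1:-/proc/modules}"
}

# 0 if a modprobe.d file replaces the module's install command
pedit_blocked() {
    grep -Eqs '^[[:space:]]*install[[:space:]]+act_pedit[[:space:]]+/bin/(true|false)' \
        "${1:-/etc/modprobe.d}"/*.conf
}

# 0 if neither sysctl disables unprivileged user namespaces
userns_open() {
    sys="${1:-/proc/sys}"
    # A missing file means that knob does not exist on this kernel.
    max=$(cat "$sys/user/max_user_namespaces" 2>/dev/null || echo 1)
    clone=$(cat "$sys/kernel/unprivileged_userns_clone" 2>/dev/null || echo 1)
    [ "$max" != "0" ] && [ "$clone" != "0" ]
}

# exposure MODULES_FILE MODPROBE_DIR SYSCTL_ROOT -> prints one verdict
exposure() {
    if ! userns_open "$3"; then echo "userns-disabled"; return 0; fi
    # An install override does not unload a module that is already resident.
    if pedit_loaded "$1"; then echo "exposed-loaded"; return 0; fi
    if pedit_blocked "$2"; then echo "pedit-blocked"; return 0; fi
    echo "exposed-loadable"
}

exposure /proc/modules /etc/modprobe.d /proc/sys
```

A verdict of exposed-loaded on a host that already has the modprobe override means the module was resident before the override was written; it stays loaded until it is removed or the host reboots.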



