New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries

A vulnerability in the Linux kernel's traffic-control subsystem, identified as CVE-2026-46331 and nicknamed "pedit COW," allows unprivileged local users to gain root access on vulnerable systems. This flaw stems from an out-of-bounds write within the packet-editing action (act_pedit) that corrupts shared page-cache memory. A functional exploit for this vulnerability was publicly released on June 17, 2026, just one day after the CVE was assigned. Red Hat has classified this vulnerability as critical, indicating a severe security risk. The exploit leverages a "copy-on-write" (COW) mechanism, a memory management technique where memory pages are duplicated only when they are modified. By manipulating the page cache, an attacker can overwrite critical kernel data structures, ultimately leading to privilege escalation. This type of exploit is particularly concerning as it targets a fundamental component of the Linux operating system, potentially affecting a wide range of servers and devices. The rapid development and public release of an exploit highlight the urgency for users to apply necessary patches and security updates to mitigate the risk of unauthorized access. The exploit's effectiveness relies on the kernel's handling of shared memory, making it a sophisticated attack vector.