New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
Summary
A critical out-of-bounds write vulnerability, dubbed "pedit COW" (CVE-2026-46331), has been discovered in the Linux kernel's traffic-control subsystem. This flaw allows a local unprivileged user to gain root access by corrupting shared page-cache memory. A public, working exploit for this vulnerability became available shortly after its assignment.
IFF Assessment
This critical kernel vulnerability allows local attackers to gain root access, posing a significant risk to affected Linux systems, especially with a public exploit available.
Severity
This score reflects a high-severity local privilege escalation vulnerability (Attack Vector: Local). An unprivileged user can achieve root access with low attack complexity, resulting in high impact on confidentiality, integrity, and availability of the affected system.
Defender Context
Defenders must immediately identify and patch all affected Linux systems to prevent local privilege escalation. The availability of a public exploit significantly increases the urgency for remediation, as it lowers the barrier for attackers to gain full system control. Organizations should monitor vendor advisories for patches and consider implementing least privilege principles to limit the impact of successful exploitation.