Red Hat disclosed CVE-2026-46331, an important local privilege escalation vulnerability in the Linux kernel’s traffic control subsystem, specifically the act_pedit module. The flaw stems from a missing bounds check in tcf_pedit_act() that can lead to an out-of-bounds write and page cache memory corruption, potentially allowing a local user to gain root privileges. Red Hat said RHEL 8, 9, and 10 are directly affected, along with Red Hat Enterprise Linux for NVIDIA and Red Hat OpenShift Container Platform, though OpenShift exposure is considered low because the vulnerable module is not loaded by default.
Technical details show the bug arises when packet-editing keys recompute Layer 4 offsets during processing, allowing an earlier mutation to influence a later write beyond the originally validated writable packet range. Red Hat has issued fixes across multiple product lines, including RHEL variants, SAP Solutions, Telecommunications Update Service, Extended Update Support, Advanced Mission Critical Update Support, and NVIDIA for RHEL 10, while warning that products built on the RHEL kernel such as RHEL CoreOS, Red Hat OpenStack Platform, and Red Hat Virtualization may also be impacted. As a mitigation, Red Hat advised administrators to blacklist the act_pedit kernel module and verify whether it is loaded before unloading it or rebooting.
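An added example, not taken from Red Hat's advisory or any source tracked on this page: a POSIX shell audit for the mitigation described above, reporting whether act_pedit is currently loaded and whether modprobe.d carries a blacklist or install override for it. The function names, default paths and output format are assumptions of this example.

```sh
#!/bin/sh
# Added example: report act_pedit state from /proc/modules and modprobe.d.
# File and directory paths are arguments, so copies collected from other
# hosts can be audited offline as well as the live system.
MODULE="act_pedit"

# module_loaded <proc_modules_file>: true if MODULE is currently loaded.
module_loaded() {
    awk -v m="$MODULE" '$1 == m { f = 1 } END { exit !f }' "$1" 2>/dev/null
}

# has_directive <blacklist|install> <dir>...: true if an uncommented
# directive for MODULE exists in any *.conf. modprobe treats "-" and "_"
# in module names as equivalent, so both spellings are matched. For
# "install", only an override to a no-op binary counts as a block.
has_directive() {
    kw="$1"; shift
    for d in "$@"; do
        for f in "$d"/*.conf; do
            [ -f "$f" ] || continue
            awk -v k="$kw" -v m="$MODULE" '
                { n = $2; gsub(/-/, "_", n) }
                $1 == k && n == m && (k == "blacklist" || $3 ~ /\/(false|true)$/) { f = 1 }
                END { exit !f }' "$f" && return 0
        done
    done
    return 1
}

# audit_state <proc_modules_file> <dir>...: print one summary line.
# Per modprobe.d(5), "blacklist" stops alias-based autoloading; an
# "install" override runs the given command in place of loading, so
# /bin/false also refuses explicit loads by module name.
audit_state() {
    pm="$1"; shift
    loaded=no; bl=no; inst=no
    if module_loaded "$pm"; then loaded=yes; fi
    if has_directive blacklist "$@"; then bl=yes; fi
    if has_directive install "$@"; then inst=yes; fi
    echo "module=$MODULE loaded=$loaded blacklist=$bl install_block=$inst"
}

# Live host by default; pass <proc_modules_file> <dir>... to audit copies.
[ "$#" -gt 0 ] || set -- /proc/modules /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d
audit_state "$@"
```

A host that reports loaded=yes still has the module in memory even when a directive is present, which is why the advisory's step of unloading it or rebooting remains necessary.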

6 events from the most recent confirmed update back to the earliest known activity.
Red Hat stated the issue had been addressed across multiple products, including RHEL 8, 9, and 10 variants and other offerings, through multiple RHSA advisories issued in June 2026. The source does not provide specific advisory issue dates for each product.
SUSE Bugzilla tracked CVE-2026-46331 and linked it to multiple important kernel security advisories affecting SUSE Linux Enterprise, SUSE Linux Micro, openSUSE Leap, live patching, and real-time kernel packages. The entry also summarized the upstream fix for the pedit handling flaw and referenced upstream commit 899ee91156e57784090c5565e4f31bd7dbffbc5a.
Red Hat's Bugzilla entry described how mutations in tcf_pedit_act() could alter later header-relative offsets and lead to an out-of-bounds write beyond the originally ensured writable prefix. The entry also stated the fix expands the ensured writable range using each key's final computed write offset before packet edits.
Red Hat disclosed CVE-2026-46331 as an important local privilege escalation vulnerability in the Linux kernel traffic control subsystem's act_pedit module. It said RHEL 8, 9, and 10 and related products were affected, and recommended blacklisting the act_pedit module as a mitigation.
An upstream Linux kernel commit fixed the tc pedit flaw by replacing coarse writable-range handling with per-operation validation, adding integer overflow checks, and using safer writable packet access patterns. The patch removed tcfp_off_max_hint and updated act_pedit code to prevent out-of-bounds access and unsafe packet modification behavior.
The Debian security tracker published an entry for CVE-2026-46331, indicating the vulnerability had been cataloged in Debian's tracking system.