🔴 Critical | Source: The Hacker News
A vulnerability in the Linux kernel’s traffic-control subsystem (CVE-2026-46331, ‘pedit COW’) allows a local unprivileged user to gain root-level access by corrupting shared memory used to cache executables. A working public exploit appeared within 24 hours of the CVE being assigned on 16 June, making rapid patching critical. Any Linux-based system where untrusted users can run code — including cloud VMs and container hosts — is at risk of full local privilege escalation.
Security Architect’s Take: Prioritise patching Linux kernels across all affected cloud VM instances and container hosts immediately, given the public exploit is already available; in the interim, consider restricting unprivileged access to traffic-control subsystems via seccomp profiles or disabling CAP_NET_ADMIN where not required, and audit whether your container runtime configurations prevent exploitation from within pods.
Original advisory: New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries