CyberSecurity News

Packet_edit_meme page cache poisoning vulnerability (CVE-2026-46331)

Hacker News

· June 26, 2026

AI summary

A vulnerability known as packet_edit_meme page cache poisoning has been identified and assigned the CVE ID 2026-46331. Information about this issue is available on GitHub and has been discussed on Hacker News, where it received one point and no comments. The GitHub page and associated discussion on Hacker News provide further details about the vulnerability.

Vulnerabilities mentioned

CVE-2026-46331

UNKNOWN

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd. Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead. Guard offset_valid() against INT_MIN, where negation is undefined.

Read the full article at Hacker Newsgithub.com/sgkdev/packet_edit_meme

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to Hacker News.