RHSB-2026-008 Traffic Control Privilege Escalation - Linux Kernel (CVE-2026-46331)

Public Date: June 19, 2026, 11:28
Updated July 3, 2026, 19:18

Was this information helpful?

Feedback cancelled

Resolved Status
Important Impact

Executive Summary

An Important privilege escalation flaw (CVE-2026-46331) was found in the Linux kernel's traffic control subsystem (act_pedit). A missing bounds check allows an out-of-bounds write, enabling corruption of page cache memory. A user with a local account could exploit this flaw to gain system administrator (root) access.

Affected Products

The following Red Hat product versions are directly affected:

  • Red Hat Enterprise Linux 8 (All fixes released)
  • Red Hat Enterprise Linux 9 (All fixes released)
  • Red Hat Enterprise Linux 10 (All fixes released)
  • Red Hat OpenShift Container Platform (Low severity — the vulnerable module is not loaded by default)

Further, any Red Hat product that relies on the Red Hat Enterprise Linux kernel (including RHEL CoreOS) is also potentially impacted. This includes layered products such as Red Hat OpenStack Platform, and Red Hat Virtualization.

Please ensure that the underlying Red Hat Enterprise Linux kernel is current in these product environments.

Mitigation

To mitigate this issue, block the affected act_pedit module. This prevents it from being automatically loaded at boot time.

Warning: This mitigation may not be suitable for systems that use tc pedit rules for traffic shaping or packet header rewriting. Run lsmod | grep act_pedit to check whether the module is currently in use.

echo "blacklist act_pedit" > /etc/modprobe.d/blacklist-act-pedit.conf

If the module is currently loaded, unload it or reboot for the block to take effect. For additional guidance for blocking kernel modules, see How do I prevent a kernel module from being loaded automatically?.

Was this information helpful? Your feedback is valuable!

Feedback cancelled

Comments