https://hackingpassion.com/tags/pedit-cow/Recent content in Pedit COW on HackingPassion.com : root@HackingPassion.com-[~]HugoenSat, 27 Jun 2026 09:56:35 +0200https://hackingpassion.com/pedit-cow-linux-root/Sat, 27 Jun 2026 09:56:35 +0200https://hackingpassion.com/pedit-cow-linux-root/<p>A flaw in the Linux kernel called <strong>pedit COW</strong> lets a regular, unprivileged user rewrite <code>/bin/su</code> in memory and become root, while the copy on disk never changes and a file integrity check comes back clean. It is tracked as <strong>CVE-2026-46331</strong>, Red Hat already rates it Important, and a working exploit is public. The flawed code has been in Linux kernels since 2022.</p> <p>Linux comes with a tool for reshaping and rewriting network traffic as it flows through the machine. It is called <code>tc</code>, short for <strong>traffic control</strong>. One thing it can do is reach into a packet and change bytes in the header while the packet is still moving. That job is called <code>pedit</code>, and the kernel loads it as a small module named <code>act_pedit</code>. Useful for admins, and the way into this bug.</p>