Synopsis:
kernel security updateSummary:
An update for kernel is now available for openEuler-20.03-LTS-SP4Description:
The Linux Kernel, the operating system core itself.
Security Fix(es):
In the Linux kernel, the following vulnerability has been resolved:
net/sched: fix pedit partial COW leading to page cache corruption
tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd.
Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead. Guard offset_valid() against INT_MIN, where negation is undefined.(CVE-2026-46331)Topic:
An update for kernel is now available for openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-24.03-LTS/openEuler-24.03-LTS-SP2.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Severity:
HighAffected Component:
kernel
4.19.90-2606.5.0.0378.oe2003sp44.19.90-2606.5.0.0378.oe2003sp44.19.90-2606.5.0.0378.oe2003sp44.19.90-2606.5.0.0378.oe2003sp44.19.90-2606.5.0.0378.oe2003sp44.19.90-2606.5.0.0378.oe2003sp44.19.90-2606.5.0.0378.oe2003sp44.19.90-2606.5.0.0378.oe2003sp44.19.90-2606.5.0.0378.oe2003sp44.19.90-2606.5.0.0378.oe2003sp4Exploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:HI:HA:H7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H