{"id":39364,"date":"2026-07-02T09:57:55","date_gmt":"2026-07-02T01:57:55","guid":{"rendered":"https:\/\/www.deepin.org\/?p=39364"},"modified":"2026-07-02T10:24:51","modified_gmt":"2026-07-02T02:24:51","slug":"linux-kernel-actpedit-vulnerability-fix","status":"publish","type":"post","link":"https:\/\/www.deepin.org\/en\/linux-kernel-actpedit-vulnerability-fix\/","title":{"rendered":"Urgent Update: Fix Linux Kernel ActPedit Local Privilege Escalation"},"content":{"rendered":"<img loading=\"lazy\" class=\"alignnone size-full wp-image-39366\" src=\"https:\/\/www.deepin.org\/wp-content\/uploads\/2026\/07\/108_\u526f\u672c.png\" alt=\"\" width=\"900\" height=\"383\" srcset=\"https:\/\/www.deepin.org\/wp-content\/uploads\/2026\/07\/108_\u526f\u672c.png 900w, https:\/\/www.deepin.org\/wp-content\/uploads\/2026\/07\/108_\u526f\u672c-300x128.png 300w, https:\/\/www.deepin.org\/wp-content\/uploads\/2026\/07\/108_\u526f\u672c-150x64.png 150w, https:\/\/www.deepin.org\/wp-content\/uploads\/2026\/07\/108_\u526f\u672c-768x327.png 768w, https:\/\/www.deepin.org\/wp-content\/uploads\/2026\/07\/108_\u526f\u672c-24x10.png 24w, https:\/\/www.deepin.org\/wp-content\/uploads\/2026\/07\/108_\u526f\u672c-36x15.png 36w, https:\/\/www.deepin.org\/wp-content\/uploads\/2026\/07\/108_\u526f\u672c-48x20.png 48w\" sizes=\"(max-width: 900px) 100vw, 900px\" \/><\/p>\n<p>Dear deepin Users and Community Members,<\/p>\n<p>A local privilege escalation vulnerability codenamed ActPedit (also known as pedit COW) has recently been disclosed in the Linux kernel. This vulnerability falls under the same category of page cache write vulnerabilities as the previously disclosed Dirty Frag and Copy Flaws. An attacker with low-privilege local access can exploit this flaw to tamper with the page cache of read-only files, escalate privileges and gain root access.<\/p>\n<p>Proof-of-Concept (PoC) code and detailed exploitation techniques for this vulnerability have been released to the public. 
Given its high severity and broad impact, we strongly recommend that all users update their systems immediately to secure their devices.<\/p>\n<p>&nbsp;<\/p>\n<h1><strong>Vulnerability Details<\/strong><\/h1>\n<p>CVE ID: CVE-2026-46331<\/p>\n<p>Codename: ActPedit (pedit COW)<\/p>\n<p>Description: A local privilege escalation vulnerability exists within the packet editing (pedit) subsystem of Linux kernel traffic control. When handling copy-on-write (COW) operations, the <code>tcf_pedit_act()<\/code> function fails to account for runtime header offsets when calculating the write range for <code>skb_ensure_writable()<\/code>. This causes incomplete COW protection for certain write regions, leading to out-of-bounds writes and page cache corruption. Local attackers authorized to configure traffic control rules can exploit this flaw to elevate privileges or crash the system.<\/p>\n<p>Severity: High (CVSS score: 7.1\u20137.8)<\/p>\n<p>Exploit Requirements:<\/p>\n<p>The kernel is built with <code>CONFIG_NET_ACT_PEDIT<\/code> enabled;<\/p>\n<p>The attacker has local permissions to configure traffic control rules.<\/p>\n<p>The risk of exploitation via public PoCs rises sharply if user namespaces are enabled (<code>CONFIG_USER_NS=y<\/code> and <code>\/proc\/sys\/kernel\/unprivileged_userns_clone = 1<\/code>).<\/p>\n<p>Successful exploitation allows a regular local user to obtain full root control over the entire system.<\/p>\n<p>Affected Versions: All deepin 25 systems without the latest security patch are vulnerable. 
Immediate updates are required.<\/p>\n<p>&nbsp;<\/p>\n<h1><strong>Patch Deployment Status<\/strong><\/h1>\n<p>deepin 25 (Kernel 6.6 &amp; 6.18)<\/p>\n<p>Patches addressing the ActPedit vulnerability have been fully rolled out for deepin 25.<\/p>\n<p>You may install updates via the Control Center, or run the following command in Terminal:<\/p>\n<p><em>sudo apt update &amp;&amp; sudo apt dist-upgrade<\/em><\/p>\n<div>\n<div>\n<div>\n<div>\n<div>\n<div>\n<div>\n<div>\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Reboot your device after upgrading to activate the security fix.<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n<p>Additional updates: Resolved known issues for the DDE desktop environment.<\/p>\n<p>These are all the updates included in the official deepin 25.1.1 release. We would like to thank every member of the deepin community for your continuous support!<\/p>\n<p>If you encounter any issues during updating or daily usage, please visit the deepin Community Forum to share your feedback.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Dear deepin Users and Community Members, A local privilege escalation vulnerability codenamed ActPedit (also known as pedit COW) has recently been disclosed in the Linux kernel. This vulnerability falls under the same category of page cache write vulnerabilities as the previously disclosed Dirty Frag and Copy Flaws. An attacker with low-privilege local access can exploit this flaw to tamper with the page cache of read-only files, escalate privileges and gain root access. Proof-of-Concept (PoC) code and detailed exploitation techniques for this vulnerability have been released to the public. 
Given its high severity and broad impact, we strongly recommend all users ...<a href=https:\/\/www.deepin.org\/en\/linux-kernel-actpedit-vulnerability-fix\/>Read more<\/a><\/p>\n","protected":false},"author":18825,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[75,93],"tags":[],"_links":{"self":[{"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/posts\/39364"}],"collection":[{"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/users\/18825"}],"replies":[{"embeddable":true,"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/comments?post=39364"}],"version-history":[{"count":7,"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/posts\/39364\/revisions"}],"predecessor-version":[{"id":39374,"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/posts\/39364\/revisions\/39374"}],"wp:attachment":[{"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/media?parent=39364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/categories?post=39364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/tags?post=39364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}