
Notice Links:
| Posted | Tue, 30 Jun 2026 00:33 AM UTC
Mon, 29 Jun 2026 20:33 PM EDT |
|---|---|
| Last Update | Tue, 30 Jun 2026 10:17 AM UTC (27 hours ago)
Tue, 30 Jun 2026 06:17 AM EDT |
| Status | Open |
A newly disclosed flaw in the Linux kernel's traffic-control subsystem, now assigned CVE-2026-46331 and referred to as “Pedit COW,” . https://gbhackers.com/critical-linux-kernel-flaw-2/ It has been found to grant any unprivileged local user full root access on vulnerable systems. If an actor can run code inside a vulnerable server, for example through a compromised website, shell account, or application, this bug may allow them to have unrestricted server access. MitigationsWhere a server is using a modular kernel, you should check with the distributor as soon as possible for updates and additional mitigation steps. On RimuHosting VPSs, it is possible to disable this attack by setting the following ... sysctl -w user.max_user_namespaces=0 This temporary fix may have a broader impact, you should test your workloads still operate normally after making this change. Fixed kernelsWe are releasing VM kernels to our hosts with the affected component disabled. For 4.14 and later. A reboot will be required to use those. Please use our kernel selector in our control panel to action that. You can verify which kernel your VM is running using the command 'uname -r', it will look something like this...: 6.12.0-really94-rh-20260630114817.xenU.x86_64 Fixed kernels will show a build date of 20260630 or newer. Those digits are the numerical date: 2026 June 30th. Ongoing workWe are continuing to review this vulnerability, and will be providing updates and further recomendations here. Please subscribe to this notice for updates. # | |
Log in to subscribe to changes to this notice.
Set your operation notice contact details for future notifications.