A newly disclosed Linux kernel vulnerability lets a local user escalate privileges all the way to root. What makes it particularly concerning is that a proof of concept and public exploits are already circulating. If you're running Ubuntu, Debian, or Red Hat systems, you should apply the latest kernel patch soon.
What's behind the flaw
The vulnerability is tracked as EUVD-2026-37039 and CVE-2026-46331, with a CVSS score of 7.8. It lives in the kernel's traffic control subsystem, specifically the act_pedit module. The root cause is a missing bounds check that allows writes outside the intended memory region. That can corrupt the page cache, letting an attacker with a local account gain root access.
Two conditions need to be met for exploitation. The attacker needs to be able to configure traffic control (tc), a Linux feature for managing network traffic that also uses pedit, and they need the CAP_NET_ADMIN capability. Neither is trivial to obtain on its own, but the public exploits lower the bar significantly, even though there's no evidence of active exploitation yet.
What you should do now
An upstream patch already fixes the issue by restricting writes to the allowed range and adding a check for integer overflows. Until your systems are patched, a few steps help reduce the risk:
- Update to a patched kernel as soon as possible.
- Restrict who can be granted CAP_NET_ADMIN.
- Disable unnecessary tc rules for packet handling.
- Limit the use of unprivileged user namespaces.
- Reboot after installing the fixed kernel.
Given how easily accessible the exploits are, it's worth prioritizing this update.