¡¾·ì϶¹«¸æ¡¿Linux Kernel net_sched act_pedit±¾µØÌáȨ·ì϶(CVE-2026-46331)
°ä²¼¹¦·ò 2026-06-17Ò»¡¢·ì϶¸ÅÊö

Linux KernelÊÇLinux²Ù×÷ϵͳµÄÖ÷Ìâ×é¼þ£¬Õƹܹý³Ìµ÷¶È¡¢ÄÚ´æÖÎÀí¡¢ÍøÂçºÍ̸ջ¼°É豸Çý¶¯µÈ»ù´¡Ö°ÄÜ¡£ÆäÖÐnet/sched×ÓϵͳÌṩÁ÷Á¿½ÚÔìºÍÊý¾Ý°ü±à×ëÄÜÁ¦£¬Ö§³ÖQoS¡¢Traffic Control¹æ¶¨¼°ÍøÂçÕ½ÊõÖÎÀí£¬¿í·ºÀûÓÃÓÚ·þÎñÆ÷¡¢ÔÆÆ½Ì¨¡¢ÈÝÆ÷»·¾³¼°ÍøÂçÉ豸¡£
2026Äê6ÔÂ17ÈÕ£¬mansion88Ã÷Éý°²È«Ó¦¼±ÏìÓ¦ÖÐÐÄ£¨VSRC£©¼à²âµ½Linux Kernel net_sched act_pedit±¾µØÌáȨ·ì϶¡£¸Ã·ì϶λÓÚnet/sched/act_pedit.cÎļþ£¬ÓÉÓÚtcf_pedit_act()ÔÚÖ´ÐÐCopy-On-Write´¦ÖÃʱδ˼¿¼typed keyÔËÐÐÊ±Æ«ÒÆ£¬µ¼Ö²¿ÃÅдÈëÇøÓòδʵÏÖCOW¸´Ô죬´Ó¶ø²úÉúÒ³»º´æ´«È¾ÎÊÌâ¡£¹¥»÷Õß¿ÉÀûÓÃÓû§¶¨Ãû¿Õ¼ä¼°CAP_NET_ADMINȨÏÞ»ú¹Ø¶ñÒâÁ÷Á¿½ÚÔì¹æ¶¨£¬¶ÔÕý±¾Ö»¶ÁÎļþ¶ÔÓ¦µÄÒ³»º´æÄÚÈݽøÐÐÅú¸Ä£¬½øÒ»²½¸²¸ÇSUID·¨Ê½´úÂë²¢Ö´ÐÐËÁÒâÖ¸Á×îÖÕ»ñµÃrootȨÏÞ¡£
¶þ¡¢Ó°ÏìÁìÓò
5.18 <= Linux Kernel < 7.1-rc7
ÒÑÑéÖ¤´æÔÚ·ì϶µÄ»·¾³Ô̺¬£º
RHEL 10.0£¨6.12.0-228.el10£©
Debian 13£¨6.12.90+deb13.1£©
Ubuntu 24.04.4£¨6.17.0-22£©
Ubuntu 26.04£¨7.0.0-14-generic£©»·¾³ÖÐδ³É¹¦ÀûÓÃ
Èý¡¢°²È«´ëÊ©
3.1 Éý¼¶°æ±¾
Linux Kernel¹Ù·½ÒѰ䲼½¨¸´²¹¶¡£¬Ö÷Ì⽨¸´ÌύΪ£º
899ee91156e57784090c5565e4f31bd7dbffbc5a
´Ë±í£¬¹Ù·½Í¬²½°ä²¼Á˲¹³ä½¨¸´Ìá½»£º
d504a978572202ef43ac5ecfec2030adda64b13e
ÏÂÔØÁ´½Ó£º
https://github.com/torvalds/linux/commit/899ee91156e57784090c5565e4f31bd7dbffbc5a/
https://github.com/torvalds/linux/commit/d504a978572202ef43ac5ecfec2030adda64b13e
3.2 һʱ´ëÊ©
ÔÝÎÞ¡£
3.3 ͨÓý¨Òé
¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬Ï÷¼õϵͳ·ì϶£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£
¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔ죬Åú¸Ä·À»ðǽսÊõ£¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬Ï÷¼õ¹¥»÷Ãæ¡£
ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£
¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏÞ¶È¡£
ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£
3.4 ²Î¿¼Á´½Ó
https://nvd.nist.gov/vuln/detail/CVE-2026-46331/
https://github.com/torvalds/linux/commit/899ee91156e57784090c5565e4f31bd7dbffbc5a
https://github.com/torvalds/linux/commit/d504a978572202ef43ac5ecfec2030adda64b13e
https://github.com/sgkdev/packet_edit_meme


¾©¹«Íø°²±¸11010802024551ºÅ