
Notice Links:
| Posted | Tue, 30 Jun 2026 00:33 AM UTC
Mon, 29 Jun 2026 20:33 PM EDT |
|---|---|
| Last Update | Tue, 7 Jul 2026 02:04 AM UTC (6 days ago)
Mon, 6 Jul 2026 22:04 PM EDT |
| Status | Open |
| Affected Location | Dallas (TX) |
A newly disclosed flaw in the Linux kernel's traffic-control subsystem, now assigned CVE-2026-46331 and referred to as “Pedit COW,” . https://gbhackers.com/critical-linux-kernel-flaw-2/ It can grant any unprivileged local user full root access on vulnerable systems. If an actor can run code inside a vulnerable server, for example through a compromised website, shell account, or application, this bug may allow them to have unrestricted server access. Over the last month or two there have been a handful of similar exploits. This is partly a result of AI-powered work going into finding bugs and improving the kernel. VM restartsDue to the severity of the issue we will attempt to restart affected VMs where we are able to boot them onto a patched kernel. You can run these restarts yourself or disable the restarts or schedule when they run over using our 'server patch' tool at: FYI we wrote a a blog post about how this tool is used. MitigationsWhere a server is using a modular kernel - e.g. if you boot a VM with pvgrub - you should check with the distributor as soon as possible for updates and additional mitigation steps. On RimuHosting VPSs, it is possible to disable this attack by setting the following ... sysctl -w user.max_user_namespaces=0 This temporary fix may have a broader impact, you should test your workloads still operate normally after making this change. Fixed kernelsWe are releasing VM kernels to our hosts with the affected component disabled. For 4.14 and later. A reboot will be required to use those. Please use our kernel selector in our control panel to action that. You can verify which kernel your VM is running using the command 'uname -r', it will look something like this...: 6.12.0-really95-rh-20260705204515.xenU.x86_64 Fixed kernels will show a build date of 20260705 or newer. Those digits are the date: 2026-07-05. For 4.14 kernels the PEDIT option was disabled in 20260630 and that kernel is not receiving further updates. It is recommended you try a newer kernel, e.g. 5.10. Ongoing workWe are continuing to review this vulnerability, and will be providing updates and further recomendations here. Please subscribe to this notice for updates. # | |
Log in to subscribe to changes to this notice.
Set your operation notice contact details for future notifications.