Ubuntu has released critical security updates to patch a severe vulnerability that allows local attackers to gain full control of affected systems. The flaw, tracked as CVE-2026-46331 and dubbed "pedit COW," enables privilege escalation to root across a wide range of Ubuntu releases.

The vulnerability resides in the Linux kernel's networking subsystem. A local user with limited access can exploit it to elevate their privileges, ultimately achieving root access. This grants attackers complete administrative control, facilitating system manipulation, data theft, or malware installation.

According to the official advisory, all Ubuntu releases starting with version 18.04 "Bionic Beaver" LTS are impacted. The broad scope affects a significant number of active server, desktop, and cloud deployments worldwide.

CVE-2026-46331 was assigned on June 16, 2026, and its significance as a high-severity privilege escalation threat was formally highlighted on June 26. In response, Ubuntu has dispatched mitigations via its standard security channels.

Remediation is urgent and non-negotiable. System administrators must immediately apply the latest kernel security updates for their Ubuntu version and then reboot. Installing the update alone does not protect a running system: the patches are ineffective until a restart occurs, because the new kernel must be loaded into memory.
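The gap between "update installed" and "update running" can be checked per host. The script below is an added example, not part of the Ubuntu advisory: it compares the running kernel with the newest kernel image under `/boot` and also honours Ubuntu's `/var/run/reboot-required` flag. The `RUN_CHECK` variable and the function names are assumptions of this example, and because the article lists no fixed package versions, it confirms only that the newest installed kernel is the one in memory.

```shell
#!/bin/sh
# Added example: detect a host where a kernel update is on disk but the old
# kernel is still running (reboot not yet performed).

# Print the highest version among kernel release strings read from stdin.
newest_kernel() {
    sort -V | tail -n 1
}

# List installed kernel releases from the vmlinuz-* images in a boot directory.
installed_kernels() {
    for img in "${1:-/boot}"/vmlinuz-*; do
        [ -e "$img" ] || continue
        basename "$img" | sed 's/^vmlinuz-//'
    done
}

# Return 0 (reboot needed) when a newer kernel than the running one is installed.
reboot_pending() {
    running=$1
    newest=$2
    [ -n "$newest" ] && [ "$running" != "$newest" ] &&
        [ "$(printf '%s\n%s\n' "$running" "$newest" | newest_kernel)" = "$newest" ]
}

# Check this host; exit status 1 means the patched kernel is not loaded yet.
check_host() {
    running=$(uname -r)
    newest=$(installed_kernels /boot | newest_kernel)
    if reboot_pending "$running" "$newest" || [ -e /var/run/reboot-required ]; then
        echo "REBOOT PENDING: running $running, newest installed ${newest:-unknown}"
        return 1
    fi
    echo "OK: running $running is the newest installed kernel"
}

# Assumption of this example: set RUN_CHECK=1 to run the check on this host.
if [ "${RUN_CHECK:-}" = 1 ]; then
    check_host
fi
```

Run it after the update step, for example `RUN_CHECK=1 sh check_kernel.sh`; a non-zero exit marks a host that still needs its reboot.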

This incident underscores a persistent challenge in securing complex, open-source codebases. Critical flaws in fundamental subsystems can emerge even after extensive review, making proactive and rapid patch management a cornerstone of system security. For those managing Ubuntu infrastructure, prioritizing patch compliance and rebooting all affected systems is essential to mitigate the risk of compromise.

