OESA-2026-2870

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2870
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2870.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2870
Upstream
Published
2026-07-06T06:31:07Z
Modified
2026-07-06T06:45:18.386818152Z
Summary
kernel security update
Details

The Linux Kernel, the operating system core itself.

Security Fix(es):

In the Linux kernel, the following vulnerability has been resolved:

net/sched: fix pedit partial COW leading to page cache corruption

tcfpeditact() computes the COW range for skbensurewritable() once before the key loop using tcfpoffmax_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd.

Fix by moving skbensurewritable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skbcow() to COW the headroom instead. Guard offsetvalid() against INT_MIN, where negation is undefined.(CVE-2026-46331)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP4 / kernel

Package

Name
kernel
Purl
pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.19.90-2606.5.0.0378.oe2003sp4

Ecosystem specific

{
    "aarch64": [
        "bpftool-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm",
        "bpftool-debuginfo-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm",
        "kernel-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm",
        "kernel-debuginfo-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm",
        "kernel-debugsource-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm",
        "kernel-devel-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm",
        "kernel-source-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm",
        "kernel-tools-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm",
        "kernel-tools-debuginfo-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm",
        "kernel-tools-devel-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm",
        "perf-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm",
        "perf-debuginfo-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm",
        "python2-perf-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm",
        "python2-perf-debuginfo-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm",
        "python3-perf-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm",
        "python3-perf-debuginfo-4.19.90-2606.5.0.0378.oe2003sp4.aarch64.rpm"
    ],
    "src": [
        "kernel-4.19.90-2606.5.0.0378.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "bpftool-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm",
        "bpftool-debuginfo-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm",
        "kernel-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm",
        "kernel-debuginfo-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm",
        "kernel-debugsource-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm",
        "kernel-devel-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm",
        "kernel-source-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm",
        "kernel-tools-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm",
        "kernel-tools-debuginfo-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm",
        "kernel-tools-devel-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm",
        "perf-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm",
        "perf-debuginfo-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm",
        "python2-perf-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm",
        "python2-perf-debuginfo-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm",
        "python3-perf-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm",
        "python3-perf-debuginfo-4.19.90-2606.5.0.0378.oe2003sp4.x86_64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2870.json"