KernelCare livepatches for pedit COW have shipped and are live on the KernelCare main feed for affected CloudLinux versions. KernelCare-subscribed servers receive the fix automatically on the next kcarectl –update. Confirmed patch IDs by version:
CloudLinux 8: K20260624_18 — production feed since June 25 CloudLinux 9 (AlmaLinux 9): K20260626_30 — production feed since June 29 CloudLinux 10 (AlmaLinux 10): K20260625_20 — production feed since June 26 CloudLinux for Ubuntu 22.04 (Jammy): K20260625_01 — production feed since June 25
Posted Jul 03, 2026 - 20:03 UTC
Identified
pedit COW is a separate, new bug in a different part of the kernel, the traffic-control act_pedit action in net/sched, not the XFRM/ESP path behind Dirty Frag and Fragnesia. The module blacklist you may have applied for those does not cover this vulnerability. The mitigation below targets a different module (act_pedit).
Patched CloudLinux kernels for CL7h and CL8 are released to the beta channel and rolling out to stable. Target versions: CL7h: kernel-4.18.0-553.137.1.lve.el7h or newer CL8: kernel-4.18.0-553.137.1.lve.el8 or newer
Patched AlmaLinux kernels for CL9 and CL10 are available in the production (stable) repositories. Target versions: CL9 / AlmaLinux 9: kernel-5.14.0-687.17.1.el9_8 or newer CL10 / AlmaLinux 10: kernel-6.12.0-211.26.1.el10_2 or newer
KernelCare livepatches for CVE-2026-46331 are in active build and test.
CloudLinux for Ubuntu 22.04 runs the stock Ubuntu kernel; there is no CloudLinux-built kernel for this platform, and the production fix arrives from Canonical via apt. Track its status on the Ubuntu CVE page.