Linux Gets Dirty Again: DirtyClone Kernel Flaw Can Lead to Local Root Access
https://linuxiac.com/linux-gets-dirty-again-dirtyclone-kernel-flaw-can-lead-to-local-root-access/
Publish Date: 2026-06-26 09:43:00
Source Domain: linuxiac.com
Just when Linux admins were starting to put DirtyFrag behind them, another closely related kernel flaw has entered the spotlight, showing the story is not quite over yet. Security researchers at JFrog have disclosed DirtyClone, a new Linux kernel local privilege escalation vulnerability tracked as CVE-2026-43503.
While related to the same class of bugs as DirtyFrag, DirtyClone exploits a different path in the kernel’s networking code, indicating that previous fixes did not fully address this attack vector.
The vulnerability has a CVSS score of 8.8, classifying it as high severity. The good news, if you can call it that, is that it cannot be exploited remotely; an attacker must have local access or the ability to execute code as an unprivileged user.
However, once local access is obtained, the impact is significant. DirtyClone enables privilege escalation to root and might enable container escape in certain scenarios.
The problem stems from how the Linux kernel manages socket buffer fragments. Some helper functions do not preserve a marker indicating when a packet fragment uses shared or file-backed memory. Without this marker, subsequent kernel code may incorrectly treat the memory as safe for direct modification.
Under certain conditions, an attacker can exploit this behavior to modify data in the kernel page cache. This allows changes to the in-memory version of a root-owned, read-only file without altering the file on disk.
The attack requires access to networking-related kernel functions, notably those involving XFRM/IPsec handling and socket buffer fragments. JFrog notes that systems with unprivileged user namespaces enabled are especially at risk, as capabilities like CAP_NET_ADMIN can become accessible within a namespace.
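A check for the user-namespace risk factor described above, added here as an example (it is not code from JFrog or from the original article). The three sysctl paths are existing upstream, Debian/Ubuntu and Ubuntu AppArmor knobs; the optional root-prefix argument and the result labels are assumptions of this example, and the result says nothing about whether the kernel itself is patched.

```shell
#!/bin/sh
# Added example: report whether unprivileged users can create user namespaces,
# the condition the article singles out as raising risk.

# read_sysctl ROOT RELPATH -> value with whitespace stripped, or "absent"
read_sysctl() {
    f="$1/proc/sys/$2"
    if [ -r "$f" ]; then
        tr -d '[:space:]' < "$f"
    else
        printf 'absent'
    fi
}

# userns_exposure [ROOT] -> unknown | blocked | restricted | allowed
# ROOT is an optional prefix (assumption of this example) so the check can be
# run against a copied or constructed /proc/sys tree instead of the live host.
userns_exposure() {
    root="${1:-}"
    # Upstream limit: 0 means no user namespaces can be created at all.
    max=$(read_sysctl "$root" user/max_user_namespaces)
    # Debian/Ubuntu kernel patch: 0 disables unprivileged creation.
    clone=$(read_sysctl "$root" kernel/unprivileged_userns_clone)
    # Ubuntu AppArmor knob: 1 limits unprivileged use to permitted profiles.
    aa=$(read_sysctl "$root" kernel/apparmor_restrict_unprivileged_userns)

    if [ "$max" = "absent" ]; then
        echo unknown        # cannot read the upstream knob; do not guess
    elif [ "$max" = "0" ] || [ "$clone" = "0" ]; then
        echo blocked
    elif [ "$aa" = "1" ]; then
        echo restricted
    else
        echo allowed        # any unprivileged user can obtain a namespace
    fi
}

echo "unprivileged user namespaces: $(userns_exposure "$@")"
```
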
Importantly, not all Linux systems are equally vulnerable. Factors such as kernel version, distribution patches, enabled features, and security hardening influence risk. However, the vulnerability is serious and…