VYPR
Advisory · Published Jun 26, 2026 · 1 source

New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets

A new Linux kernel privilege-escalation vulnerability, CVE-2026-43503 (CVSS 8.8), dubbed DirtyClone, allows local users to gain root by corrupting file-backed memory via cloned network packets.

A new Linux kernel privilege-escalation vulnerability, CVE-2026-43503 (CVSS 8.8), dubbed DirtyClone, has been disclosed by JFrog Security Research, which published the first public exploit walkthrough on June 25, 2026. The flaw is part of the DirtyFrag family and allows a local user to corrupt file-backed memory through a cloned network packet to gain root privileges. The patch landed in mainline on May 21, and users are urged to update immediately.

The vulnerability arises when the kernel copies a network packet internally; two helper functions drop a safety flag that marks the packet's memory as shared with a file on disk. This missing flag is the entire vulnerability. An attacker can load a privileged binary like /usr/bin/su into memory, wire those memory pages into a network packet, and force the kernel to clone it. The cloned packet passes through an IPsec tunnel controlled by the attacker, and the decryption step overwrites the binary's login checks with attacker-chosen bytes. The next time anyone runs su, it hands over root.

The file on disk never changes; the modification lives only in the kernel's in-memory copy, so file-integrity tools miss it, the attack leaves no audit trail, and a reboot restores the original binary. Exploitation requires CAP_NET_ADMIN to configure the loopback IPsec tunnel. On Debian and Fedora, unprivileged user namespaces are enabled by default, so a local user can obtain that capability inside a new namespace. Ubuntu 24.04 and later restrict namespace creation via AppArmor, blocking the default exploit path. The page cache is shared at the host level, so modifications made inside a namespace affect every process on the machine.

The exposed systems are multi-tenant servers, CI runners, container hosts, and Kubernetes clusters where untrusted users can create namespaces. JFrog confirmed the exploit on Debian, Ubuntu, and Fedora systems with default namespace configurations.

DirtyClone is the fourth recent privilege escalation with the same failure mode: file-backed memory gets treated as packet data, then an in-place network operation writes where it should have copied. Previous variants include Copy Fail (CVE-2026-31431), DirtyFrag (CVE-2026-43284 and CVE-2026-43500), and Fragnesia (CVE-2026-46300). Each fix closed one code path and left others open. DirtyClone's demonstrated exploit centers on __pskb_copy_fclone(), with skb_shift() also affected; the broader CVE fix covers additional frag-transfer helpers where the same flag could be lost.

The root cause is a broken contract: every code path that moves skb fragments has to preserve the shared-frag bit, every time. The kernel's zero-copy networking lets file-backed memory serve as packet data, and a single dropped flag anywhere in the chain turns a performance optimization into a write primitive. The original DirtyFrag researcher, Hyunwoo Kim, submitted a broader multi-site patch covering several remaining frag-transfer helpers on May 16. The combined fix was merged on May 21 (commit 48f6a5356a33), assigned CVE-2026-43503 on May 23, and shipped in Linux v7.1-rc5 on May 24.

Users should install their distribution's kernel update. The fix landed upstream in v7.1-rc5 and has been backported to stable and LTS branches. Ubuntu, Debian, and SUSE have published advisories; Red Hat has a Bugzilla tracking entry. If patching is not possible, two workarounds reduce the attack surface: restrict unprivileged user namespaces by setting kernel.unprivileged_userns_clone=0, or blacklist the esp4, esp6, and rxrpc kernel modules, though that breaks IPsec and AFS. Both are temporary controls, not fixes. The DirtyFrag class is probably not done; any function that moves fragment descriptors without propagating the shared-frag flag is a potential new CVE.
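A host-side check for the two interim workarounds, as an added example that is not the advisory's or JFrog's code. It assumes the distribution-specific unprivileged_userns_clone sysctl the advisory names plus the default modprobe.d and /proc/modules paths; all three are parameters so the functions can be exercised against constructed files.

```shell
#!/bin/sh
# Added example (not from the advisory or JFrog): reports whether the two interim
# workarounds are in place. Paths are parameters with the real defaults, so the
# functions can also run against constructed files. Assumption: the
# unprivileged_userns_clone sysctl is distribution-specific; if the file is absent,
# namespaces are conservatively reported as unrestricted.

# 0 if unprivileged user-namespace creation is disabled in sysctl file $1.
userns_restricted() {
    f="${1:-/proc/sys/kernel/unprivileged_userns_clone}"
    [ -r "$f" ] || return 1                 # knob absent: assume unrestricted
    [ "$(cat "$f")" = "0" ]
}

# 0 if module $2 is blacklisted in any *.conf under modprobe directory $1.
# "blacklist <mod>" only stops alias-based autoload; the stronger
# "install <mod> /bin/false" also refuses an explicit modprobe.
module_blacklisted() {
    dir="$1"; m="$2"
    grep -qsE "^[[:space:]]*(blacklist[[:space:]]+$m|install[[:space:]]+$m[[:space:]]+/bin/(false|true))[[:space:]]*$" "$dir"/*.conf
}

# 0 if module $2 is listed in /proc/modules-style file $1 (a blacklist does not unload it).
module_loaded() {
    grep -qs "^$2 " "$1"
}

# Prints one line per control. Returns 0 when at least one workaround is fully
# in place: namespaces restricted, or esp4/esp6/rxrpc all blacklisted and unloaded.
dirtyclone_workarounds_in_place() {
    sysctl_file="${1:-/proc/sys/kernel/unprivileged_userns_clone}"
    modprobe_dir="${2:-/etc/modprobe.d}"
    modules_file="${3:-/proc/modules}"
    userns_ok=1; modules_ok=0
    if userns_restricted "$sysctl_file"; then
        echo "userns: restricted"; userns_ok=0
    else
        echo "userns: unrestricted"
    fi
    for m in esp4 esp6 rxrpc; do
        status="blacklisted"
        module_blacklisted "$modprobe_dir" "$m" || { status="not blacklisted"; modules_ok=1; }
        module_loaded "$modules_file" "$m" && { status="$status, currently loaded"; modules_ok=1; }
        echo "$m: $status"
    done
    [ "$userns_ok" -eq 0 ] || [ "$modules_ok" -eq 0 ]
}

# Stand-alone use: save as dirtyclone_check.sh and run it; exit 0 = a workaround holds.
case "${0##*/}" in dirtyclone_check.sh) dirtyclone_workarounds_in_place "$@" ;; esac
```

The report is a point-in-time check of the interim controls only; it says nothing about whether the running kernel carries the fix.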

Synthesized by Vypr AI