A new Linux kernel privilege escalation vulnerability has been published. It's called DirtyClone, and it belongs to the DirtyFrag family of flaws. A working exploit walkthrough was released on June 25, the first public demonstration for this variant.
The flaw is tracked as CVE-2026-43503 with a CVSS score of 8.8. It lets a local user corrupt file-backed memory through a cloned network packet and gain root privileges. The patch landed in mainline on May 21. If your kernel does not have it, update now.
What Is DirtyClone?
The DirtyClone Linux kernel privilege escalation flaw occurs when the kernel copies a network packet (an skb) internally. Two helper functions, __pskb_copy_fclone() and skb_shift(), copy the packet's fragment descriptors but drop the shared-frag flag in skb_shinfo()->flags that marks those fragments as page-cache pages shared with a file on disk. That missing flag is the entire vulnerability.
Code that later processes the cloned packet relies on that flag to decide whether an in-place operation must first copy the fragment data into private memory. With the flag gone, the page-cache pages look like ordinary private packet memory, and an in-place transform writes straight into them. The attacker uses that to overwrite the in-memory pages of a privileged binary.
Exploit Mechanism
The exploit works as follows:
1. Map the binary. The attacker maps a privileged setuid binary such as /usr/bin/su into memory, so its page-cache pages are resident.
2. Attach the pages. Those page-cache pages are attached to a network packet as fragments through the kernel's zero-copy networking path, which marks them as shared.
3. Force a clone. The attacker drives the packet through one of the affected helpers so that the copy loses the shared-frag flag.
4. Route through IPsec. The clone is sent through a loopback IPsec tunnel the attacker configured.
5. Overwrite. ESP decryption runs in place and writes attacker-chosen plaintext over the binary's cached pages, replacing its login checks.
The result?
The next time anyone runs su, it hands over root. The file on disk never changes; the modification lives only in the kernel's page cache, so file-integrity tools that hash the on-disk file miss it and the write leaves no on-disk trace. A reboot restores the original binary.
By then the attacker has long had root, well before anyone thinks to check.
Who Is Affected?
Exploitation of the DirtyClone Linux kernel privilege escalation flaw requires CAP_NET_ADMIN to configure the loopback IPsec tunnel. On Debian and Fedora, unprivileged user namespaces are enabled by default, so any local user can create a user namespace with its own network namespace and hold CAP_NET_ADMIN there.
Ubuntu 24.04 and later restrict unprivileged namespace creation via AppArmor, which blocks the default exploit path. The namespace only gates the setup, though: the page cache is shared at the host level, so a page modified from inside a namespace is the same page every process on the machine executes.
The exposed systems are:
1. Multi-tenant servers
2. CI runners
3. Container hosts
4. Kubernetes clusters where untrusted users can create namespaces
JFrog confirmed the exploit works on Debian, Ubuntu, and Fedora systems with default namespace configurations.
The DirtyFrag Family
DirtyClone is the fourth recent privilege escalation with the same failure mode: file-backed memory gets treated as packet data, then an in-place network operation writes where it should have copied.
Copy Fail (CVE-2026-31431): Came first in late April. Exploited the algif_aead module for a four-byte page-cache write.
DirtyFrag (CVE-2026-43284 and CVE-2026-43500): Followed on May 7. Chained IPsec ESP and RxRPC paths for a full write primitive.
Fragnesia (CVE-2026-46300): Appeared on May 13. Bypassed the DirtyFrag patch through a flag-dropping bug in skb_try_coalesce().
DirtyClone (CVE-2026-43503): The latest. Centers on __pskb_copy_fclone(), with skb_shift() also affected.
Each fix closed one code path and left others open. The underlying problem is not one bad helper function. It is a contract problem: every code path that moves skb fragments has to preserve the shared-frag bit, every time.
The Root Cause
The kernel's zero-copy networking lets file-backed memory serve as packet data. A single dropped flag anywhere in the chain turns a performance optimization into a write primitive. Each variant found a path where the contract was not honored.
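The failure mode described in the exploit mechanism and root-cause sections, as a self-contained toy model added for this page (it is not kernel code and not the researcher's exploit): a file-backed "page" is attached to a packet as a fragment, one clone helper forgets to copy the shared-frag flag while another preserves it, and an in-place transform standing in for ESP decryption either honours the flag by copying first or writes straight through into the page cache. All structure and function names here are the model's own simplifications, not the kernel's API.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the DirtyFrag-class contract. A "page" is a fixed buffer, a
 * packet carries up to 4 fragment descriptors plus a flags word standing in
 * for skb_shinfo()->flags, and the in-place transform stands in for ESP
 * decryption. Flag value and layout are this model's own, not the kernel's. */

#define PAGE_SIZE 64
#define MAX_FRAGS 4
#define SHARED_FRAG 0x02u   /* model's shared-frag bit (SKBFL_SHARED_FRAG stand-in) */

struct page {
    unsigned char data[PAGE_SIZE];
    bool file_backed;        /* true for a page-cache page backing a file */
};

struct frag { struct page *page; size_t off, len; };

struct skb {
    unsigned flags;
    int nr_frags;
    struct frag frags[MAX_FRAGS];
};

/* Zero-copy send path: attach a page as a fragment and, if it is file-backed,
 * record that the packet now shares memory with the page cache. */
static void attach_page(struct skb *skb, struct page *pg, size_t off, size_t len)
{
    skb->frags[skb->nr_frags++] = (struct frag){ pg, off, len };
    if (pg->file_backed)
        skb->flags |= SHARED_FRAG;
}

/* Buggy clone helper: copies the descriptors but not the flags. This is the
 * defect class the article attributes to __pskb_copy_fclone() and skb_shift(). */
static void clone_frags_buggy(struct skb *dst, const struct skb *src)
{
    dst->nr_frags = src->nr_frags;
    memcpy(dst->frags, src->frags, sizeof src->frags);
    /* dst->flags deliberately untouched: the shared-frag bit is lost here */
}

/* Fixed clone helper: same copy, with the contract honoured. */
static void clone_frags_fixed(struct skb *dst, const struct skb *src)
{
    clone_frags_buggy(dst, src);
    dst->flags |= src->flags & SHARED_FRAG;
}

/* In-place transform (stand-in for ESP decryption writing plaintext over the
 * ciphertext buffer). Shared fragments are first copied to private scratch
 * pages, the copy-on-write the flag is there to trigger; then the bytes are
 * XORed in place with an attacker-influenced key. */
static void transform_in_place(struct skb *skb, unsigned char key, struct page *scratch)
{
    for (int i = 0; i < skb->nr_frags; i++) {
        struct frag *f = &skb->frags[i];
        if (skb->flags & SHARED_FRAG) {
            memcpy(scratch[i].data + f->off, f->page->data + f->off, f->len);
            f->page = &scratch[i];   /* later writes land in private memory */
        }
        for (size_t j = 0; j < f->len; j++)
            f->page->data[f->off + j] ^= key;
    }
    skb->flags &= ~SHARED_FRAG;      /* every fragment is private now */
}

/* Run the scenario with one clone helper. Returns true if the file-backed
 * page (the "privileged binary") was modified by the transform. */
bool page_cache_corrupted(bool use_fixed_clone)
{
    static const unsigned char binary[] = "check_uid_then_exec"; /* constructed page contents */
    struct page cache = { .file_backed = true };
    struct page scratch[MAX_FRAGS] = { 0 };
    struct skb orig = { 0 }, clone = { 0 };
    unsigned char before[PAGE_SIZE];

    memcpy(cache.data, binary, sizeof binary);
    memcpy(before, cache.data, PAGE_SIZE);

    attach_page(&orig, &cache, 0, sizeof binary);
    if (use_fixed_clone)
        clone_frags_fixed(&clone, &orig);
    else
        clone_frags_buggy(&clone, &orig);

    transform_in_place(&clone, 0xff, scratch);
    return memcmp(before, cache.data, PAGE_SIZE) != 0;
}

int main(void)
{
    printf("buggy clone: page cache %s\n", page_cache_corrupted(false) ? "corrupted" : "intact");
    printf("fixed clone: page cache %s\n", page_cache_corrupted(true) ? "corrupted" : "intact");
    return 0;
}
```

The point the model makes is the one in the paragraph above: the transform itself is correct and checks the flag, and the page cache is still corrupted, because a helper between attach and transform dropped the bit. Every fragment-moving helper has to be audited for the same thing.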
The original DirtyFrag researcher, Hyunwoo Kim, submitted a broader multi-site patch covering several remaining frag-transfer helpers on May 16. The combined fix was merged on May 21 (commit 48f6a5356a33), assigned CVE-2026-43503 on May 23, and shipped in Linux v7.1-rc5 on May 24.
What to Do
Install your distribution's kernel update. The fix landed upstream in v7.1-rc5 and has been backported to stable and LTS branches. Ubuntu, Debian, and SUSE have published advisories. Red Hat has a Bugzilla tracking entry.
If you cannot patch today, two workarounds reduce the attack surface:
Restrict unprivileged user namespaces.
On Debian and Ubuntu, set the distribution-specific sysctl:
kernel.unprivileged_userns_clone=0
Other distributions use different mechanisms; the mainline user.max_user_namespaces sysctl set to 0 is one.
Blacklist kernel modules.
Blacklist the esp4, esp6, and rxrpc kernel modules (for example with install lines in /etc/modprobe.d/). This breaks IPsec and AFS, and it only works when those features are built as loadable modules (CONFIG_INET_ESP, CONFIG_INET6_ESP, CONFIG_AF_RXRPC set to m) rather than compiled into the kernel.
Both are temporary controls, not fixes.
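A small checker for the two workarounds above, added here as an illustration (it is not from the article or from JFrog). It reads the namespace sysctls and /proc/modules and reports whether either control is in effect; the parsing is kept in separate functions so the logic can be exercised with constructed input. It assumes the Linux /proc layout; kernel.unprivileged_userns_clone is the Debian/Ubuntu knob, user.max_user_namespaces is mainline, and kernel.apparmor_restrict_unprivileged_userns is the Ubuntu 24.04+ AppArmor control, assumed absent elsewhere.

```c
#include <stdio.h>
#include <string.h>

/* Bitmask of the modules the workaround says to blacklist. */
#define RISKY_ESP4  1u
#define RISKY_ESP6  2u
#define RISKY_RXRPC 4u

/* Read one integer sysctl from /proc/sys. Returns -1 when the knob is absent. */
static long read_sysctl(const char *path)
{
    FILE *f = fopen(path, "r");
    long v = -1;
    if (!f)
        return -1;
    if (fscanf(f, "%ld", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* Decide whether unprivileged user namespace creation is blocked by any of
 * the three knobs. Any argument may be -1 (knob not present on this kernel). */
int userns_restricted(long userns_clone, long max_user_ns, long apparmor_restrict)
{
    return userns_clone == 0 || max_user_ns == 0 || apparmor_restrict == 1;
}

/* Scan /proc/modules text (one "name size refcount ..." line per module) and
 * return a bitmask of the esp4/esp6/rxrpc modules currently loaded. A loaded
 * module proves the blacklist is not in effect; an unloaded one can still be
 * autoloaded on demand, so the modprobe.d entry is needed either way. */
unsigned loaded_risky_modules(const char *modules_text)
{
    unsigned mask = 0;
    const char *line = modules_text;
    while (*line) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        const char *sp = memchr(line, ' ', len);
        size_t namelen = sp ? (size_t)(sp - line) : len;
        if (namelen == 4 && memcmp(line, "esp4", 4) == 0)  mask |= RISKY_ESP4;
        if (namelen == 4 && memcmp(line, "esp6", 4) == 0)  mask |= RISKY_ESP6;
        if (namelen == 5 && memcmp(line, "rxrpc", 5) == 0) mask |= RISKY_RXRPC;
        if (!end)
            break;
        line = end + 1;
    }
    return mask;
}

/* Slurp a file into buf; returns 0 on failure (non-Linux, or no module support). */
static int read_file(const char *path, char *buf, size_t sz)
{
    FILE *f = fopen(path, "r");
    size_t n;
    if (!f)
        return 0;
    n = fread(buf, 1, sz - 1, f);
    buf[n] = '\0';
    fclose(f);
    return 1;
}

int main(void)
{
    static char modules[1 << 16];
    long clone = read_sysctl("/proc/sys/kernel/unprivileged_userns_clone");
    long maxns = read_sysctl("/proc/sys/user/max_user_namespaces");
    long aa    = read_sysctl("/proc/sys/kernel/apparmor_restrict_unprivileged_userns");
    int restricted = userns_restricted(clone, maxns, aa);
    unsigned loaded = read_file("/proc/modules", modules, sizeof modules)
                    ? loaded_risky_modules(modules) : 0;

    printf("unprivileged_userns_clone=%ld max_user_namespaces=%ld apparmor_restrict=%ld -> userns %s\n",
           clone, maxns, aa, restricted ? "restricted" : "OPEN");
    printf("loaded: esp4=%s esp6=%s rxrpc=%s\n",
           loaded & RISKY_ESP4 ? "yes" : "no",
           loaded & RISKY_ESP6 ? "yes" : "no",
           loaded & RISKY_RXRPC ? "yes" : "no");
    /* 0: namespaces restricted; 1: open but no risky module loaded;
     * 2: open and at least one risky module already loaded. */
    return restricted ? 0 : (loaded ? 2 : 1);
}
```

Run it as root on each host; a non-zero exit status means the namespace workaround is not in place, and exit status 2 means an IPsec or RxRPC module is already loaded as well. Neither result says anything about the kernel patch itself; for that, compare the running kernel with your distribution's advisory.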
The Bigger Picture
The DirtyClone Linux kernel privilege escalation flaw is probably not the last in the DirtyFrag class. Any function that moves fragment descriptors without propagating the shared-frag flag is a potential new CVE. Auditing should cover every path that touches skb_shinfo()->flags during fragment transfer.
The class is not fixed until the contract is enforced everywhere.
The Bottom Line
DirtyClone is the latest in a series of kernel privilege escalation flaws with the same root cause. File-backed memory treated as packet data. A dropped flag. A write primitive. Root access.
Patch your kernels. Restrict namespaces if you can't. And assume that the next variant is already being researched.
FAQ Section
What is DirtyClone?
DirtyClone is a Linux kernel privilege escalation flaw (CVE-2026-43503) that allows a local user to corrupt file-backed memory through a cloned network packet and gain root privileges.
Which kernels are affected?
The vulnerability affects Linux kernels that do not carry the fix merged upstream on May 21 (commit 48f6a5356a33). The fix shipped in v7.1-rc5 and has been backported to the stable and LTS branches, so check your distribution's advisory for the fixed package version.
How is the attack performed?
The attacker has the kernel clone a network packet whose fragments point at the page-cache pages of a privileged binary; the clone loses the shared-frag flag. The clone is then sent through an attacker-controlled IPsec tunnel, and the in-place ESP decryption writes attacker-chosen bytes over the binary's cached pages instead of copying first.
Vulnerable systems?
Multi-tenant servers, CI runners, container hosts, and Kubernetes clusters in which untrusted users can create namespaces are the most exposed. Debian and Fedora expose the default exploit path because unprivileged user namespaces are enabled; Ubuntu 24.04 and later block that path via AppArmor, though the kernel itself still needs the patch.
How do I find out if I'm vulnerable?
Compare your running kernel (uname -r, or the kernel package version) with the fixed version named in your distribution's advisory. Version numbers are not dates: a kernel built after May 21 is patched only if it includes the upstream fix or the stable/LTS backport.
What if I am unable to patch?
Restrict unprivileged user namespaces and blacklist the esp4, esp6, and rxrpc kernel modules. Both are stopgaps that reduce the attack surface until the fixed kernel is installed.