DirtyClone: Fourth Linux Kernel Flaw in Six Weeks Escalates to Root
ID: 52a3627f-988e-503d-892f-7d8749d605b8
STIX ID: report--52a3627f-988e-503d-892f-7d8749d605b8
Feed Name: Security Affairs
JFrog Security Research disclosed DirtyClone (CVE-2026-43503), a high-severity Linux kernel privilege-escalation that tricks the kernel into treating file-backed page-cache memory as writable network buffers, enabling in-place modification of privileged binaries (e.g., /usr/bin/su) via an IPsec loopback path; a working exploit and PoC were published, the issue scores CVSS 8.8, patches were merged in May 2026, and mitigations include disabling unprivileged user namespace creation or blacklisting specific kernel modules though auditing for further DirtyFrag variants remains necessary.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
