logo

DirtyClone: Fourth Linux Kernel Flaw in Six Weeks Escalates to Root

ID: 52a3627f-988e-503d-892f-7d8749d605b8

STIX ID: report--52a3627f-988e-503d-892f-7d8749d605b8

Feed Name: Security Affairs

Threat Score
78/100

Date Published: 2026-06-27

Date Updated: 2026-06-27

Author: Pierluigi Paganini

...
...

JFrog Security Research disclosed DirtyClone (CVE-2026-43503), a high-severity Linux kernel privilege-escalation that tricks the kernel into treating file-backed page-cache memory as writable network buffers, enabling in-place modification of privileged binaries (e.g., /usr/bin/su) via an IPsec loopback path; a working exploit and PoC were published, the issue scores CVSS 8.8, patches were merged in May 2026, and mitigations include disabling unprivileged user namespace creation or blacklisting specific kernel modules though auditing for further DirtyFrag variants remains necessary.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.