logo

Linux Kernel DirtyClone Vulnerability Lets Local Attackers Gain Root Privileges

ID: 46a288a1-3fcd-52d4-ac28-4fcf94f53c19

STIX ID: report--46a288a1-3fcd-52d4-ac28-4fcf94f53c19

Feed Name: GBHackers

Threat Score
80/100

Date Published: 2026-06-27

Date Updated: 2026-06-27

Author: Eswar

...
...

JFrog Security Research disclosed 'DirtyClone' (CVE-2026-43503), a Linux kernel local privilege escalation in the XFRM/IPsec via netfilter TEE path that allows attackers with CAP_NET_ADMIN (often obtainable via unprivileged user namespaces) to trick the kernel into writing decrypted data into file-backed page-cache memory and achieve silent root access; the advisory includes technical details, related DirtyFrag variants, a CVSS 8.8 rating, disclosure/patch timeline, and mitigation recommendations (update kernels or disable unprivileged user namespaces).

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.