Executive Summary
A critical vulnerability in the Linux kernel, known as DirtyClone (CVE-2026-43503), enables local privilege escalation to root on most modern Linux distributions. Publicly disclosed by JFrog Security Research in June 2026, this flaw is a variant of the DirtyFrag family and is accompanied by a working proof-of-concept exploit. DirtyClone allows attackers with local code execution to corrupt file-backed memory via cloned network packets, bypassing file integrity tools and leaving minimal forensic traces. The vulnerability is particularly dangerous in multi-tenant servers, CI/CD runners, container hosts, and Kubernetes clusters. While exploitation has been confirmed by multiple security researchers, as of this writing, CISA does not list CVE-2026-43503 in its Known Exploited Vulnerabilities (KEV) catalog, so there is no CISA-confirmed active exploitation.
Technical Information
DirtyClone (CVE-2026-43503) is a high-severity vulnerability (CVSS 8.8 per kernel.org, 7.0 per Red Hat) affecting the Linux kernel networking stack, specifically the skbuff fragment handling subsystem. The flaw arises from improper propagation of the SKBFL_SHARED_FRAG flag in the kernel helper functions __pskb_copy_fclone() and skb_shift(). When fragment descriptors are moved between skbuffs, the absence of this flag allows an attacker to manipulate the in-memory page cache of privileged binaries.
The exploitation process involves loading a privileged binary (such as /usr/bin/su) into memory, wiring those memory pages into a network packet, cloning the packet, and passing it through an attacker-controlled IPsec tunnel. The decryption step then overwrites the in-memory binary with attacker-chosen bytes. The next execution of the binary results in root privileges for the attacker. Notably, this attack only modifies the in-memory page cache, not the file on disk, thereby evading file integrity monitoring and leaving no audit trail. A system reboot restores the original binary.
Exploitation requires local code execution and the CAP_NET_ADMIN capability to configure the loopback IPsec tunnel. On Debian and Fedora, unprivileged user namespaces are enabled by default, allowing local users to obtain this capability in a new namespace. Ubuntu 24.04+ restricts namespace creation via AppArmor, blocking the default exploit path. The page cache is shared at the host level, so modifications in a namespace affect all processes.
Exploitation in the Wild
JFrog Security Research has published a working exploit and technical write-up, and both Sansec and The Hacker News confirm that the exploit works on default Debian, Ubuntu, and Fedora installations. The typical attack scenario involves a webshell or malicious plugin on a shared server or container host escalating to root, disabling security tooling, and persisting undetected until reboot. While there are no public reports of APT or ransomware groups using DirtyClone at this time, the exploit is trivial for skilled attackers and is expected to be rapidly adopted in cloud and hosting environments.
APT Groups using this vulnerability
As of June 2026, there are no public reports attributing exploitation of DirtyClone to specific APT groups or ransomware operators. However, due to the ease of exploitation and the availability of a public proof-of-concept, it is anticipated that threat actors will soon incorporate this vulnerability into their toolkits, especially in cloud, DevOps, and shared infrastructure environments.
Affected Product Versions
The following Linux kernel versions are affected (each range excludes its upper bound, which is the first fixed version):
3.9 up to 5.10.257
5.11 up to 5.15.208
5.16 up to 6.1.174
6.2 up to 6.6.141
6.7 up to 6.12.91
6.13 up to 6.18.33
6.19 up to 7.0.10
7.1-rc1 to 7.1-rc4 (inclusive)
The vulnerability is patched in Linux v7.1-rc5 and backported to stable/LTS branches.
Major distributions affected include Debian, Ubuntu, Fedora, SUSE, and Red Hat (see Red Hat Bugzilla). Multi-tenant and containerized environments such as Kubernetes, Docker, and CI/CD runners are at high risk. Red Hat Enterprise Linux 6, 7, 8 and OpenShift Container Platform 4 are listed as unaffected.
For the most up-to-date and exhaustive CPE list, see: NVD CVE-2026-43503
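The ranges above are the kind of thing that gets mis-read under pressure, so here is an added example (written for this page, not code from JFrog, kernel.org or Rescana) that encodes them and classifies `uname -r` strings against them. The host names and version strings in SAMPLE_INVENTORY are constructed; the helper names (parse_kernel_version, is_affected, assess_fleet) are this example's own.

```python
import re

# Affected ranges as published in the advisory: (first affected, first fixed);
# the first fixed version is excluded. The 7.1 release-candidate window is inclusive.
AFFECTED_RANGES = [
    ("3.9", "5.10.257"),
    ("5.11", "5.15.208"),
    ("5.16", "6.1.174"),
    ("6.2", "6.6.141"),
    ("6.7", "6.12.91"),
    ("6.13", "6.18.33"),
    ("6.19", "7.0.10"),
]
AFFECTED_RC_WINDOW = ("7.1-rc1", "7.1-rc4")

# major.minor[.patch][-rcN]; anything after that (e.g. "-1-amd64", "-generic") is ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_kernel_version(text):
    """Turn a kernel version string (as printed by `uname -r`, e.g. '6.6.140-1-amd64'
    or '7.1.0-rc3') into a comparable tuple. A release candidate sorts before the
    final release it precedes, so 7.1-rc4 < 7.1 and 7.1-rc4 > 7.0.10."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised kernel version: {text!r}")
    major, minor, patch, rc = m.groups()
    is_final = 0 if rc else 1
    return (int(major), int(minor), int(patch or 0), is_final, int(rc or 0))


def is_affected(version_text):
    """True when the version falls inside one of the advisory's affected ranges."""
    v = parse_kernel_version(version_text)
    for first, fixed in AFFECTED_RANGES:
        if parse_kernel_version(first) <= v < parse_kernel_version(fixed):
            return True
    rc_first, rc_last = AFFECTED_RC_WINDOW
    return parse_kernel_version(rc_first) <= v <= parse_kernel_version(rc_last)


def assess_fleet(inventory):
    """Map host name -> verdict for an {host: uname_r_output} inventory."""
    return {host: ("affected" if is_affected(ver) else "not in affected ranges")
            for host, ver in inventory.items()}


# Constructed sample inventory (not real hosts); values are uname -r style strings.
SAMPLE_INVENTORY = {
    "ci-runner-01": "6.6.140-1-generic",
    "web-02": "6.12.91-1-amd64",
    "build-rc": "7.1.0-rc3",
    "legacy-db": "5.10.300-1",
}

if __name__ == "__main__":
    for host, verdict in assess_fleet(SAMPLE_INVENTORY).items():
        print(f"{host:14} {SAMPLE_INVENTORY[host]:18} {verdict}")
```

Two caveats when using this against a real fleet: distribution kernels (Red Hat in particular) backport fixes without bumping the upstream version number, so a "not in affected ranges" verdict from the version string alone is not proof either way and the distribution's own advisory is authoritative; and the published ranges say nothing about pre-release kernels other than 7.1-rc1 to 7.1-rc4, so those fall through as "not in affected ranges" here.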
Workaround and Mitigation
Immediate patching is the most effective mitigation. Upgrade to a kernel version with the fix (mainline commit 48f6a5356a33, Linux v7.1-rc5 or backported stable/LTS).
Temporary mitigations include restricting unprivileged user namespaces by running sysctl -w kernel.unprivileged_userns_clone=0, and blacklisting the vulnerable modules (if they are not needed) by creating /etc/modprobe.d/dirtyclone.conf with the following content:
install rxrpc /bin/false
install esp4 /bin/false
install esp6 /bin/false
Then run rmmod rxrpc esp4 esp6 2>/dev/null || true to unload the modules. For container hosts, restrict capabilities and namespace creation via seccomp and AppArmor profiles.
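The three temporary mitigations above are easy to apply half-way (the modprobe file written but the modules still resident, the sysctl set on one host but not another). The following is an added posture check, written for this page and not code from JFrog, Rescana or any distribution, that reports which of them are missing. The SAMPLE_* inputs are constructed; the function names are this example's own, and the /proc paths it reads on a live host are the standard ones.

```python
import re
from pathlib import Path

# Modules the advisory's temporary mitigation disables when they are not needed.
MITIGATED_MODULES = ("rxrpc", "esp4", "esp6")

# modprobe.d "install <module> <command>" lines: pointing the command at /bin/false
# (or /bin/true) stops modprobe from loading the module on demand.
_INSTALL_RE = re.compile(r"^\s*install\s+(\S+)\s+(?:/bin/false|/bin/true)\s*$", re.M)

# Constructed sample inputs (not taken from a real host): only one module blacklisted,
# esp4 still resident, user namespaces still unrestricted.
SAMPLE_MODPROBE_CONF = "install rxrpc /bin/false\n"
SAMPLE_PROC_MODULES = "esp4 57344 0 - Live 0x0\nxfs 1 0 - Live 0x0\n"
SAMPLE_SYSCTL_VALUE = "1"


def blacklisted_modules(modprobe_conf_text):
    """Modules whose on-demand loading is disabled by an install line in the text."""
    return {m.group(1) for m in _INSTALL_RE.finditer(modprobe_conf_text)}


def loaded_modules(proc_modules_text):
    """Module names from /proc/modules (first column of each line)."""
    return {line.split()[0] for line in proc_modules_text.splitlines() if line.strip()}


def userns_restricted(sysctl_value):
    """kernel.unprivileged_userns_clone=0 means only privileged users may create
    user namespaces. None when the value is unavailable on this kernel."""
    if sysctl_value is None:
        return None
    return sysctl_value.strip() == "0"


def assess_mitigations(modprobe_conf_text, proc_modules_text, sysctl_value):
    """Compare host state with the advisory's temporary mitigations and return the
    gaps found; an empty dict means all three are in place."""
    gaps = {}
    restricted = userns_restricted(sysctl_value)
    if restricted is None:
        gaps["userns"] = "kernel.unprivileged_userns_clone not available; check distribution-specific controls"
    elif not restricted:
        gaps["userns"] = "unprivileged user namespaces are enabled"
    missing = [m for m in MITIGATED_MODULES if m not in blacklisted_modules(modprobe_conf_text)]
    if missing:
        gaps["not_blacklisted"] = missing
    # An install line only blocks future loads; a module already resident stays loaded.
    still_loaded = [m for m in MITIGATED_MODULES if m in loaded_modules(proc_modules_text)]
    if still_loaded:
        gaps["still_loaded"] = still_loaded
    return gaps


def assess_live_host():
    """Run the same assessment against this host's real files (Linux only, any user).
    Anything missing is treated as absent and therefore shows up as a gap."""
    conf_dir = Path("/etc/modprobe.d")
    conf_text = ""
    if conf_dir.is_dir():
        conf_text = "\n".join(p.read_text(errors="replace")
                              for p in sorted(conf_dir.glob("*.conf")) if p.is_file())
    proc_modules = Path("/proc/modules")
    proc_text = proc_modules.read_text() if proc_modules.exists() else ""
    sysctl_path = Path("/proc/sys/kernel/unprivileged_userns_clone")
    sysctl_value = sysctl_path.read_text() if sysctl_path.exists() else None
    return assess_mitigations(conf_text, proc_text, sysctl_value)


if __name__ == "__main__":
    print("sample host gaps:", assess_mitigations(SAMPLE_MODPROBE_CONF, SAMPLE_PROC_MODULES, SAMPLE_SYSCTL_VALUE))
    print("this host gaps:  ", assess_live_host())
```

The kernel.unprivileged_userns_clone sysctl is a Debian/Ubuntu kernel addition rather than an upstream control, so on other distributions the check reports it as unavailable and the namespace restriction has to be verified through whatever that distribution provides (the page notes Ubuntu 24.04+ uses AppArmor for this). The "still_loaded" entry is exactly the case the rmmod step above exists for. None of this replaces the kernel upgrade; it only tells you whether the stopgaps are actually in effect.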
Indicators of Compromise
Indicators of compromise for DirtyClone are extremely limited due to the in-memory nature of the attack. No public indicators of compromise were available at the time of writing. Defenders should focus on monitoring for unusual kernel module activity (unexpected loading/unloading of esp4, esp6, or rxrpc modules) and abuse of namespaces and capabilities (unprivileged user namespace creation and CAP_NET_ADMIN usage by non-root users).
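Since there are no file-based indicators, the signals above have to come from the audit trail of the host itself. The following added detector (written for this page; not JFrog's, Rescana's or any vendor's detection content) runs over raw auditd records and flags the two behaviours named above: user-namespace creation by a non-root user, and load or unload of the esp4, esp6 or rxrpc modules, each tied back to the process that caused it. It assumes x86_64 syscall numbers and raw (un-interpreted) /var/log/audit/audit.log records; the sample log is constructed and the function names are this example's own.

```python
import re
from collections import defaultdict

# Modules named in the advisory's temporary mitigation.
WATCHED_MODULES = {"esp4", "esp6", "rxrpc"}

# x86_64 syscall numbers as they appear in raw audit records (arch=c000003e).
# Other architectures use different numbers and need their own table.
SYSCALL_NAMES = {56: "clone", 272: "unshare",
                 175: "init_module", 313: "finit_module", 176: "delete_module"}
CLONE_NEWUSER = 0x10000000  # flag bit from <linux/sched.h>

_KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
_EVENT_RE = re.compile(r"audit\((\d+\.\d+):(\d+)\)")

# Constructed sample log (not from a real host). Event 501: uid 1000 calls unshare with
# CLONE_NEWUSER. Event 502: root unshares a mount namespace (benign). Events 503/504/505:
# modprobe/rmmod run as root, the way the kernel's own module autoloading also runs,
# so module rules below deliberately do not filter on uid.
SAMPLE_AUDIT_LOG = """
type=SYSCALL msg=audit(1718000000.101:501): arch=c000003e syscall=272 success=yes exit=0 a0=10000000 a1=0 a2=0 a3=0 items=0 ppid=2200 pid=2211 auid=1000 uid=1000 gid=1000 euid=1000 comm="unshare" exe="/usr/bin/unshare" key="ns"
type=SYSCALL msg=audit(1718000000.102:502): arch=c000003e syscall=272 success=yes exit=0 a0=20000 a1=0 a2=0 a3=0 items=0 ppid=1 pid=900 auid=4294967295 uid=0 gid=0 euid=0 comm="systemd" exe="/usr/lib/systemd/systemd" key="ns"
type=SYSCALL msg=audit(1718000000.150:503): arch=c000003e syscall=313 success=yes exit=0 a0=3 a1=55d0c0a01b20 a2=0 a3=0 items=0 ppid=2211 pid=2230 auid=1000 uid=0 gid=0 euid=0 comm="modprobe" exe="/usr/bin/kmod" key="mod"
type=KERN_MODULE msg=audit(1718000000.150:503): name="esp4"
type=SYSCALL msg=audit(1718000000.160:504): arch=c000003e syscall=313 success=yes exit=0 a0=3 a1=55d0c0a01b20 a2=0 a3=0 items=0 ppid=1 pid=950 auid=4294967295 uid=0 gid=0 euid=0 comm="modprobe" exe="/usr/bin/kmod" key="mod"
type=KERN_MODULE msg=audit(1718000000.160:504): name="xfs"
type=SYSCALL msg=audit(1718000000.170:505): arch=c000003e syscall=176 success=yes exit=0 a0=55d0c0a0 a1=800 a2=0 a3=0 items=0 ppid=1 pid=960 auid=1000 uid=0 gid=0 euid=0 comm="rmmod" exe="/usr/bin/kmod" key="mod"
type=KERN_MODULE msg=audit(1718000000.170:505): name="rxrpc"
"""


def parse_audit_record(line):
    """Split one audit record into a dict of its key=value fields (quotes stripped)."""
    return {k: v.strip('"') for k, v in _KV_RE.findall(line)}


def event_serial(rec):
    """All records of one audit event share the serial in msg=audit(timestamp:serial)."""
    m = _EVENT_RE.search(rec.get("msg", ""))
    return int(m.group(2)) if m else None


def group_events(lines):
    """Group records by event serial so a KERN_MODULE record can be joined to the
    SYSCALL record that names the process behind it."""
    events = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = parse_audit_record(line)
        serial = event_serial(rec)
        if serial is not None:
            events[serial].append(rec)
    return events


def analyse_audit_log(lines):
    """Return findings for unprivileged user-namespace creation and for load/unload
    of the watched modules, each with the calling process's uid, comm and exe."""
    findings = []
    for serial, records in sorted(group_events(lines).items()):
        syscall_rec = next((r for r in records if r.get("type") == "SYSCALL"), None)
        if syscall_rec is None:
            continue
        name = SYSCALL_NAMES.get(int(syscall_rec.get("syscall", -1)))
        uid = int(syscall_rec.get("uid", -1))
        who = {"serial": serial, "uid": uid,
               "comm": syscall_rec.get("comm"), "exe": syscall_rec.get("exe")}
        if name in ("clone", "unshare"):
            flags = int(syscall_rec.get("a0", "0"), 16)  # a0 holds the flags for both
            if flags & CLONE_NEWUSER and uid != 0:
                findings.append({"rule": "unprivileged_userns_creation", **who})
        elif name in ("init_module", "finit_module", "delete_module"):
            for r in records:
                if r.get("type") == "KERN_MODULE" and r.get("name") in WATCHED_MODULES:
                    action = "unload" if name == "delete_module" else "load"
                    findings.append({"rule": f"watched_module_{action}", "module": r["name"], **who})
    return findings


if __name__ == "__main__":
    for finding in analyse_audit_log(SAMPLE_AUDIT_LOG.splitlines()):
        print(finding)
```

The records only exist if auditd is asked for them; rules of the form `-a always,exit -F arch=b64 -S unshare,clone -k ns` and `-a always,exit -F arch=b64 -S init_module,finit_module,delete_module -k mod` produce the SYSCALL and KERN_MODULE records the detector consumes. clone3 passes its flags in a struct rather than in a0, so it is not covered by the flag test; and because the kernel autoloads esp4/esp6/rxrpc through a root modprobe on behalf of whoever first needs them, the module rule fires on any load, which is why a baseline of expected module activity per host is needed to keep it quiet.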
References
JFrog Security Research: DirtyClone Write-up
NVD CVE-2026-43503
The Hacker News: DirtyClone Linux Kernel Flaw
Sansec: DirtyClone Guide
Red Hat Bugzilla
Kernel.org Patch
Rescana is here for you
Rescana provides a comprehensive Third-Party Risk Management (TPRM) platform that empowers organizations to continuously monitor, assess, and mitigate cyber risks across their supply chain and vendor ecosystem. Our platform leverages advanced threat intelligence and automation to help you stay ahead of emerging vulnerabilities and compliance requirements. We are happy to answer questions at info@rescana.com.