CVE-2026-43503, the fourth variant in the DirtyFrag family, exploits cloned packets to corrupt file-backed memory. JFrog published a full exploit walkthrough on June 25.

JFrog Security Research published a working exploit walkthrough for DirtyClone (CVE-2026-43503), a new Linux kernel privilege escalation, on June 25, 2026. The vulnerability exploits the loss of the SKBFL_SHARED_FRAG flag during network packet cloning. It is the fourth recent LPE with the same failure mode, and the first to have a complete public demonstration.

The patch was merged into mainline on May 21, 2026, as commit 48f6a5356a33. CVE-2026-43503 was assigned on May 23, and the fix shipped in Linux v7.1-rc5 on May 24.

Key Takeaways
  • DirtyClone (CVE-2026-43503, CVSS 8.8) enables root escalation by corrupting privileged binaries in memory through cloned network packets that have lost the SKBFL_SHARED_FRAG flag
  • JFrog demonstrated the exploit on Debian, Ubuntu, and Fedora: the attack modifies only the RAM page cache, leaving on-disk files untouched
  • The vulnerability requires CAP_NET_ADMIN, obtainable on some distributions via unprivileged user namespaces enabled by default
  • It is the fourth LPE in the family with the same mechanism: Copy Fail (CVE-2026-31431), DirtyFrag (CVE-2026-43284/43500), Fragnesia (CVE-2026-46300), and DirtyClone (CVE-2026-43503)

How the Missing Bit Works

The Linux kernel uses zero-copy networking to attach file-backed memory pages directly to network packets. The SKBFL_SHARED_FRAG flag marks those fragments as shared with on-disk files, preventing in-place write operations.

When helpers like __pskb_copy_fclone() and skb_shift() transfer fragments without propagating this flag, the cloned packet loses its protection. The attacker loads a privileged binary such as /usr/bin/su into memory, attaches those pages to a network packet, and forces the kernel to clone it.

The cloned packet traverses an IPsec tunnel controlled by the attacker. ESP decryption overwrites the binary's login checks in place. The on-disk file never changes; the modification exists only in the kernel's in-memory copy.

"The file on disk never changes. The modification lives only in the kernel's in-memory copy, so file-integrity tools miss it, the attack leaves no audit trail, and a reboot restores the original binary" — The Hacker News

Why Traditional Detection Fails

The absence of persistent on-disk traces makes DirtyClone insidious for infrastructure relying on file integrity or traditional audit logs. The corruption occurs entirely within the page cache.

The page cache is shared host-wide. Modifications inside a namespace affect every process on the machine. JFrog confirmed the exploit on Debian, Ubuntu, and Fedora systems with default namespace configurations.

On Ubuntu 24.04 and later, AppArmor restricts unprivileged user namespace creation, blocking the default exploit path. Debian and Fedora enable these namespaces by default, allowing CAP_NET_ADMIN to be obtained.

A Vulnerability Class with Recurring Variants

DirtyClone is the fourth recent LPE with the same fundamental failure mode. Copy Fail (CVE-2026-31431, late April) kicked off the series. DirtyFrag (CVE-2026-43284 and CVE-2026-43500, May 7) received the upstream commit f4c50a4034e6. Fragnesia (CVE-2026-46300, May 13) followed. DirtyClone (CVE-2026-43503) completes the picture with the first public exploit.

CVE-2026-43284 has a confirmed CVSS 8.8 from the kernel.org CNA, with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. The NVD record indicates this CVE affects Linux kernel versions from 4.11 up to, but not including, 7.0.5. For CVE-2026-43503, no separate record with affected kernel version details is available.

The fix for CVE-2026-43284 marks IPv4/IPv6 splice fragments with SKBFL_SHARED_FRAG and introduces a fallback to skb_cow_data() in ESP input. Commit 48f6a5356a33 for DirtyClone covers __pskb_copy_fclone() and skb_shift().

According to the primary source, "the underlying problem is not one bad helper function. It is a contract problem: every code path that moves skb fragments has to preserve the shared-frag bit, every time".

What to Do Now

Organizations must update the kernel to version 7.1-rc5 or later, or apply stable/LTS backports that include commit 48f6a5356a33 for CVE-2026-43503.

For kernels prior to 7.1, it is necessary to verify that patches for CVE-2026-43284 (commit f4c50a4034e6) are present, since that vulnerability shares the base corruption mechanism.

On Debian and Fedora, where unprivileged user namespaces are enabled by default, administrators should evaluate whether to restrict this capability until patches are applied. On Ubuntu 24.04 and later, AppArmor already blocks the default exploit path.

Security teams must consider that traditional file integrity tools do not detect this class of attacks, since the corruption is confined to the in-memory page cache.
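Because the attack path depends on unprivileged user namespace creation (see the Debian/Fedora vs. Ubuntu note above), a quick host-side check of that prerequisite is useful while patches are pending. The following script is an added example, not from JFrog or any of the cited sources; it reads three real sysctls (user.max_user_namespaces from mainline, kernel.unprivileged_userns_clone from Debian-patched kernels where present, and kernel.apparmor_restrict_unprivileged_userns on Ubuntu 23.10+) and reports whether the unprivileged namespace path is open.

```shell
#!/bin/sh
# Read a sysctl via /proc/sys; print "absent" when this kernel does not expose it.
read_sysctl() {
    f="/proc/sys/$(printf '%s' "$1" | tr . /)"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# Classify exposure from the three knobs. Arguments:
#   $1 user.max_user_namespaces                     (0 disables user namespaces entirely)
#   $2 kernel.unprivileged_userns_clone             (0 blocks unprivileged creation; "absent" if not present)
#   $3 kernel.apparmor_restrict_unprivileged_userns (1 confines unprivileged creation; "absent" if not present)
# Prints "restricted" when unprivileged user namespace creation is closed, otherwise "exposed".
userns_exposure() {
    max="$1"; clone="$2"; aa="$3"
    if [ "$max" = "0" ] || [ "$clone" = "0" ] || [ "$aa" = "1" ]; then
        echo restricted
    else
        echo exposed
    fi
}

# Live report for the current host: sysctl-derived verdict plus a direct probe.
# The probe (unshare -Ur) simply tries to create an unprivileged user namespace;
# "allowed" means the prerequisite for the default exploit path is present.
report_host() {
    max=$(read_sysctl user.max_user_namespaces)
    clone=$(read_sysctl kernel.unprivileged_userns_clone)
    aa=$(read_sysctl kernel.apparmor_restrict_unprivileged_userns)
    echo "user.max_user_namespaces=$max"
    echo "kernel.unprivileged_userns_clone=$clone"
    echo "kernel.apparmor_restrict_unprivileged_userns=$aa"
    echo "sysctl verdict: $(userns_exposure "$max" "$clone" "$aa")"
    if command -v unshare >/dev/null 2>&1 && unshare -Ur true 2>/dev/null; then
        echo "live probe: unprivileged user namespace creation allowed"
    else
        echo "live probe: unprivileged user namespace creation blocked (or unshare unavailable)"
    fi
}

report_host
```

A "restricted" verdict only closes the default path described in this article; kernel patching remains the actual fix.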

Attack Surface and Exposed Systems

JFrog identified multi-tenant servers, CI runners, container hosts, and Kubernetes clusters where untrusted users can create namespaces as particularly exposed. In these environments, host-wide page cache sharing amplifies the vulnerability's impact.

The ability to obtain CAP_NET_ADMIN through unprivileged user namespaces represents the key prerequisite for the exploit. On configurations where this capability is already restricted, the attack path is blocked regardless of patch status.

It is not confirmed whether exploitation in the wild exists beyond JFrog's demonstrative PoC. However, the publication of the working exploit walkthrough on June 25, 2026 increases the likelihood of reproduction by malicious actors.

Information has been verified against cited sources and is current as of publication.

Sources and references
  1. thehackernews.com
  2. almalinux.org
  3. nvd.nist.gov
  4. safecomputing.umich.edu
  5. kodemsecurity.com
  6. lists.almalinux.org