Critical ‘DirtyClone’ Flaw in Linux Kernel Grants Silent Root Access via Page Cache Manipulation
A critical Local Privilege Escalation (LPE) flaw has been identified within the Linux kernel, providing an avenue for unprivileged local users to escalate to full root privileges by manipulating the system’s page cache. This vulnerability, designated as CVE-2026-43503, exposes a significant gap in the XFRM/IPsec subsystem’s packet-processing logic. Most concerningly, this flaw manages to bypass previous security mitigations, allowing for a silent system compromise that leaves virtually no footprint in kernel logs or audit traces.
The JFrog Security Research team discovered this residual vulnerability during an exhaustive audit of recent kernel patch implementations. They have dubbed this specific variant “DirtyClone.” With a high-severity CVSS score of 8.8, this vulnerability demands immediate remediation by system administrators.
Understanding the DirtyClone Exploitation Pattern
The discovery of DirtyClone highlights a broader, systemic exploitation pattern affecting various socket buffer processing paths. It proves that the underlying attack primitive—exploiting how the kernel handles memory references—extends far beyond a single isolated code path.

DirtyClone is part of the larger “DirtyFrag” family of vulnerabilities. These flaws target the mechanism by which socket buffers reference shared page-cache memory. Various iterations—including DirtyFrag, Fragnesia, and DirtyClone—all utilize a shared technique: tricking the kernel into treating read-only, file-backed page cache memory as if it were a writable network buffer.
| Vulnerability | CVE | Disclosed | Subsystem | Write Primitive | Root Required? |
|---|---|---|---|---|---|
| Copy Fail | CVE-2026-31431 | April 30, 2026 | algif_aead (AF_ALG) | 4-byte page-cache write | No |
| DirtyFrag | CVE-2026-43284 | May 8, 2026 | IPsec ESP (xfrm) | Full write primitive | No |
| Fragnesia | CVE-2026-46300 | May 14, 2026 | XFRM ESP-in-TCP | Arbitrary byte write | No |
| DirtyClone | CVE-2026-43503 | May 23, 2026 | XFRM/IPsec (netfilter TEE) | Flag dropped in __pskb_copy_fclone() | No |
When these distinct memory contexts intersect, the kernel inadvertently modifies memory that is semantically tied to a physical file, leading to direct, in-place corruption of file-backed data. This poses an existential risk to multi-tenant cloud environments, Kubernetes clusters, and containerized workloads where user namespaces are actively utilized.
Technical Execution: The Anatomy of the Attack
To execute the DirtyClone attack, a local user must possess or acquire the CAP_NET_ADMIN capability—a privilege frequently obtainable through unprivileged user namespaces. The technical workflow follows a precise sequence:
- Memory Mapping: The attacker maps a privileged binary (e.g., `/usr/bin/su`) into memory, forcing the host to load it into the page cache.
- Zero-Copy Exploitation: Using system calls such as `vmsplice` and `splice`, the attacker directs the kernel to attach this page-cache-backed memory directly into a socket buffer, bypassing a standard, safe memory copy.
- Packet Duplication: By configuring a loopback-based IPsec tunnel and a netfilter rule via the TEE target, the attacker triggers `nf_dup_ipv4`, which invokes the `__pskb_copy_fclone` function to clone the socket buffer.
- The Critical Oversight: During this cloning process, a logic error occurs where the cloned buffer fails to preserve the `SKBFL_SHARED_FRAG` flag. This flag is the kernel’s internal “safety marker” indicating the buffer references shared page memory.
- In-Place Decryption: When the cloned packet reaches the IPsec receive path for decryption, the kernel treats the buffer as a standard writable buffer and writes the decrypted data directly into the file-backed page cache.
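As an added triage aid (not code from the JFrog write-up), the POSIX shell script below checks a host for two preconditions the chain above relies on: whether unprivileged user namespaces, the usual route to CAP_NET_ADMIN, are permitted, and whether the netfilter TEE target and its nf_dup packet-duplication helpers are currently loaded. Sysctl and module names are the standard upstream ones; the only remediation is a kernel carrying the vendor's fix.

```shell
#!/bin/sh
# Added triage script, not part of the JFrog write-up. It reports two preconditions
# of the described chain: whether unprivileged user namespaces are allowed (the
# common route to CAP_NET_ADMIN) and whether the netfilter TEE / packet-duplication
# modules are loaded. Names are upstream kernel ones; the fix is a patched kernel.

# Classify the user.max_user_namespaces value: 0 refuses new user namespaces.
userns_state() {
    case "$1" in
        '' | unknown) echo "unknown" ;;
        0)            echo "disabled" ;;
        *)            echo "enabled" ;;
    esac
}

# From lsmod-style input on stdin, print the modules on the described path:
# the TEE target and the nf_dup helpers it calls to duplicate packets.
loaded_path_modules() {
    awk '$1 == "xt_TEE" || $1 == "nf_dup_ipv4" || $1 == "nf_dup_ipv6" { print $1 }'
}

# Gather live values from the running host and print a short report.
audit_host() {
    limit=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || echo unknown)
    echo "unprivileged user namespaces: $(userns_state "$limit") (user.max_user_namespaces=$limit)"
    # Debian-derived kernels add kernel.unprivileged_userns_clone; report it when present.
    if [ -r /proc/sys/kernel/unprivileged_userns_clone ]; then
        echo "kernel.unprivileged_userns_clone=$(cat /proc/sys/kernel/unprivileged_userns_clone)"
    fi
    mods=$(lsmod 2>/dev/null | loaded_path_modules)
    if [ -n "$mods" ]; then
        echo "netfilter duplication modules loaded: $(echo "$mods" | tr '\n' ' ')"
    else
        echo "netfilter duplication modules loaded: none"
    fi
    echo "running kernel: $(uname -r); compare with your vendor's fix for CVE-2026-43503"
}

audit_host
```

Setting user.max_user_namespaces to 0 also blocks rootless containers and browser sandboxes, so treat it as a stopgap until the kernel is updated.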