{"id":13917,"date":"2026-06-27T10:03:58","date_gmt":"2026-06-27T10:03:58","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/06\/27\/new-dirtyclone-linux-vulnerability-allows-attackers-to-gain-root-access-via-cloned-packets\/"},"modified":"2026-06-27T10:03:58","modified_gmt":"2026-06-27T10:03:58","slug":"new-dirtyclone-linux-vulnerability-allows-attackers-to-gain-root-access-via-cloned-packets","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/06\/27\/new-dirtyclone-linux-vulnerability-allows-attackers-to-gain-root-access-via-cloned-packets\/","title":{"rendered":"New DirtyClone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets"},"content":{"rendered":"

New DirtyClone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

A new Linux kernel local privilege escalation vulnerability, dubbed \u201cDirtyClone\u201d (CVE-2026-43503), that allows unprivileged local users to gain full root access by manipulating cloned network packets through the XFRM\/IPsec subsystem, all without leaving a trace in kernel logs or audit records.<\/p>\n

DirtyClone is a high-severity variant in the DirtyFrag vulnerability family, a class of Linux kernel memory corruption bugs affecting how socket buffers (skb) reference shared page-cache memory.<\/p>\n

Tracked as CVE-2026-43503, uncovered by JFrog Security Research\u00a0with a CVSS score of 8.8, it was discovered by JFrog\u2019s Security Research team during an audit of Linux kernel patches addressing earlier DirtyFrag fixes.<\/p>\n

The core issue lies in the __pskb_copy_fclone()<\/code> function, which drops the SKBFL_SHARED_FRAG<\/code> safety flag during packet cloning, the same critical flag that the original DirtyFrag mitigation introduced to protect file-backed page cache memory.<\/p>\n

Unlike its predecessor, DirtyClone exploits a packet cloning path rather than a direct splice path, specifically triggered by the Linux netfilter TEE target that duplicates packets internally using __pskb_copy_fclone()<\/code>.<\/p>\n

The vulnerability was independently reported by JFrog on May 19, 2026, coinciding with a broader upstream report from original DirtyFrag researcher Hyunwoo Kim on May 16.<\/p>\n

The DirtyFrag Vulnerability Family<\/strong><\/h2>\n

DirtyFrag, Fragnesia, and DirtyClone are sibling vulnerabilities, not a chain sharing the same underlying exploitation primitive. All three exploit the kernel\u2019s failure to strictly separate three memory roles: file-backed page cache, networking buffers (skb), and in-place cryptographic transformations.<\/p>\n

\n\n\n\n\n\n\n\n\n
Vulnerability<\/th>\nCVE<\/th>\nDisclosed<\/th>\nSubsystem<\/th>\nWrite Primitive<\/th>\nRoot Required?<\/th>\n<\/tr>\n<\/thead>\n
Copy Fail<\/a><\/strong><\/td>\nCVE-2026-31431<\/td>\nApril 30, 2026<\/td>\n\nalgif_aead<\/code>\u00a0(AF_ALG crypto)<\/td>\n4-byte page-cache write<\/td>\nNo<\/td>\n<\/tr>\n
DirtyFrag<\/a><\/strong><\/td>\nCVE-2026-43284 \/ CVE-2026-43500<\/td>\nMay 8, 2026<\/td>\nIPsec ESP (xfrm) + RxRPC<\/td>\nFull write primitive (chained)<\/td>\nNo<\/td>\n<\/tr>\n
Fragnesia<\/a><\/strong><\/td>\nCVE-2026-46300<\/td>\nMay 14, 2026<\/td>\nXFRM ESP-in-TCP<\/td>\nArbitrary byte write<\/td>\nNo<\/td>\n<\/tr>\n
pedit COW<\/a><\/strong><\/td>\nCVE-2026-46331<\/td>\nJune 26, 2026<\/td>\nnet\/sched act_pedit<\/code><\/td>\nOut-of-bounds page-cache write<\/td>\nNo<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

The original DirtyFrag fix (CVE-2026-43284) introduced the SKBFL_SHARED_FRAG<\/code> flag to protect spliced UDP packets, but subsequent variants like Fragnesia (CVE-2026-46300) and DirtyClone demonstrated that this flag could be silently dropped across multiple code paths.<\/p>\n

\n
\"\"
DirtyClone Linux Vulnerability<\/figcaption><\/figure>\n<\/div>\n

The key insight from JFrog\u2019s research is that the attack primitive is not path-specific; any skb transformation that drops the shared-frag marker becomes an exploitation vector.<\/p>\n

How the Attack Works<\/strong><\/h2>\n

The DirtyClone exploit chains seven steps to achieve privilege escalation:<\/p>\n

    \n
  1. \nMap a privileged binary<\/strong> \u2014 The attacker memory-maps \/usr\/bin\/su<\/code>, loading it into the kernel\u2019s page cache as the write target<\/li>\n
  2. \nSplice page-cache memory into a packet<\/strong> \u2014 Using vmsplice<\/code> and splice<\/code>, the attacker attaches file-backed pages directly into a UDP socket buffer (skb) without copying<\/li>\n
  3. \nConfigure a loopback IPsec tunnel<\/strong> \u2014 A local XFRM\/ESP tunnel is set up via unshare -Urn<\/code> to obtain CAP_NET_ADMIN<\/code> inside a user namespace, keeping all traffic kernel-local<\/li>\n
  4. \nTrigger packet cloning via TEE<\/strong> \u2014 A netfilter TEE rule forces packet duplication through __pskb_copy_fclone()<\/code>, creating a cloned skb that loses<\/strong> the SKBFL_SHARED_FRAG<\/code> flag<\/li>\n
  5. \nForce in-place IPsec decryption<\/strong> \u2014 The cloned skb reaches esp_input()<\/code>, where IPsec decrypts the payload directly into the buffer \u2014 which still references the page cache page of \/usr\/bin\/su<\/code>\n<\/li>\n
  6. \nControlled overwrite using AES-CBC<\/strong> \u2014 By manipulating the encryption key, IV, and packet layout, the attacker computes ciphertext that decrypts into specific target bytes, patching authentication logic inside the binary\u2019s in-memory copy<\/li>\n
  7. \nExecute the modified binary<\/strong> \u2014 The next execution of su<\/code> uses the modified cached page, bypassing authentication and granting root.<\/li>\n<\/ol>\n
    \n
    \n