New DirtyClone Vulnerability in Linux Kernel Enables Local Privilege Escalation

Two critical vulnerabilities in the Linux kernel have been disclosed, including DirtyClone (CVE-2026-43503) and another local privilege escalation flaw (CVE-2026-46331). DirtyClone allows local users to gain root access by manipulating cloned network packets, exploiting a flaw in the XFRM/IPsec subsystem. This vulnerability was confirmed to affect popular Linux distributions like Debian, Ubuntu, and Fedora. The first proof-of-concept for DirtyClone was published on June 26, 2026, and it is part of the DirtyFrag vulnerability family. The second vulnerability, CVE-2026-46331, involves an out-of-bounds write flaw in the traffic control packet editing subsystem, also leading to potential page cache corruption. Both vulnerabilities have been patched, but immediate action is recommended for those unable to apply updates. JFrog Security Research has provided detailed exploit walkthroughs for both vulnerabilities.

Key Points: • DirtyClone (CVE-2026-43503) allows local users to escalate privileges to root via cloned packets. • CVE-2026-46331 targets the traffic control packet editing subsystem, leading to page cache corruption. • Patches are available, but immediate mitigation is advised for systems unable to update.