A newly identified Linux kernel vulnerability, termed “DirtyClone” (CVE-2026-43503), enables unprivileged local users to escalate their privileges to root by manipulating cloned network packets through the XFRM/IPsec subsystem. This exploit operates without leaving any trace in kernel logs or audit records.
DirtyClone is a high-severity variant within the DirtyFrag vulnerability family, which encompasses Linux kernel memory corruption issues related to how socket buffers (skb) reference shared page-cache memory. Assigned a CVSS score of 8.8, this vulnerability was discovered by JFrog’s Security Research team during an audit of Linux kernel patches addressing earlier DirtyFrag fixes.
The core issue resides in the `__pskb_copy_fclone()` function, which drops the `SKBFL_SHARED_FRAG` safety flag during packet cloning. This flag was originally introduced to protect file-backed page-cache memory. Unlike its predecessor DirtyFrag, DirtyClone reaches the bug through a packet-cloning path rather than a direct splice path, specifically the path exercised by the Linux netfilter TEE target, which duplicates packets internally using `__pskb_copy_fclone()`.
The vulnerability was independently reported by JFrog on May 19, 2026, coinciding with a broader upstream report from the original DirtyFrag researcher, Hyunwoo Kim, on May 16.
The DirtyFrag Vulnerability Family
DirtyFrag, Fragnesia, and DirtyClone are related vulnerabilities that exploit the kernel’s failure to strictly separate three memory roles: file-backed page cache, networking buffers (skb), and in-place cryptographic transformations. These vulnerabilities do not form a chain but share the same underlying exploitation primitive.
The original DirtyFrag fix (CVE-2026-43284) introduced the `SKBFL_SHARED_FRAG` flag to protect spliced UDP packets. However, subsequent variants like Fragnesia (CVE-2026-46300) and DirtyClone demonstrated that this flag could be silently dropped across multiple code paths.
How the Attack Works
The DirtyClone exploit involves a series of steps to achieve privilege escalation:
- Map a privileged binary: The attacker memory-maps `/usr/bin/su`, loading it into the kernel’s page cache as the write target.
- Splice page-cache memory into a packet: Using `vmsplice` and `splice`, the attacker attaches file-backed pages directly into a UDP socket buffer (skb) without copying.
- Configure a loopback IPsec tunnel: A local XFRM/ESP tunnel is set up via `unshare -Urn` to obtain `CAP_NET_ADMIN` inside a user namespace, keeping all traffic kernel-local.
- Trigger packet cloning via TEE: A netfilter TEE rule forces packet duplication through `__pskb_copy_fclone()`.
Because the clone no longer carries `SKBFL_SHARED_FRAG`, the kernel stops treating the attached file-backed pages as shared, and the tunnel's in-place transformation writes into the page cache backing the mapped binary, giving the attacker root.
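As an added defender-side example that is not part of the article or JFrog's research, the following POSIX shell script audits, read-only, the two host conditions the steps above rely on: whether unprivileged users can create user namespaces (the route to `CAP_NET_ADMIN` via `unshare -Urn`), and whether the netfilter TEE target (`xt_TEE`) or XFRM/ESP modules are currently loaded. The sysctl names assume an upstream Linux kernel (`user.max_user_namespaces`) plus the Debian/Ubuntu-specific `kernel.unprivileged_userns_clone` where it exists; the module names are the standard upstream ones. Built-in (non-modular) code does not appear in `/proc/modules`, so a clean module check is not proof that the code paths are absent.

```shell
#!/bin/sh
# Added example, not from the article: read-only audit of the DirtyClone
# prerequisites named in the text (unprivileged user namespaces, TEE/XFRM modules).
# Assumptions: upstream sysctl user.max_user_namespaces; Debian/Ubuntu-only
# kernel.unprivileged_userns_clone may be absent; modules may be built-in.

# Return 0 (exposed) when unprivileged user namespace creation appears allowed.
# $1 = value of user.max_user_namespaces
# $2 = value of kernel.unprivileged_userns_clone, or "" if the sysctl is absent
userns_exposed() {
    max="$1"
    clone="$2"
    # A limit of 0 disables user namespace creation for everyone.
    [ "${max:-0}" -gt 0 ] || return 1
    # Debian/Ubuntu knob: 0 blocks unprivileged clone; absent means upstream default (allowed).
    if [ -n "$clone" ] && [ "$clone" -eq 0 ]; then
        return 1
    fi
    return 0
}

# Return 0 when any of the named modules ($@) appears in an lsmod-style or
# /proc/modules-style listing read from stdin (first column is the module name).
modules_loaded() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) names[w[i]] = 1 }
        ($1 in names) { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Print the content of a /proc/sys file, or nothing if it is absent/unreadable.
read_sysctl() {
    if [ -r "$1" ]; then
        cat "$1"
    else
        printf ''
    fi
}

# Live audit of the current host; prints one status line per check.
audit_host() {
    max=$(read_sysctl /proc/sys/user/max_user_namespaces)
    clone=$(read_sysctl /proc/sys/kernel/unprivileged_userns_clone)
    if userns_exposed "$max" "$clone"; then
        echo "WARN: unprivileged user namespaces available (max=${max:-n/a} clone=${clone:-n/a})"
    else
        echo "OK: unprivileged user namespace creation restricted"
    fi
    if [ -r /proc/modules ] && modules_loaded xt_TEE esp4 esp6 xfrm_user < /proc/modules; then
        echo "INFO: netfilter TEE and/or XFRM/ESP modules currently loaded"
    else
        echo "INFO: no xt_TEE/esp4/esp6/xfrm_user module loaded (may still be built-in)"
    fi
}

# Usage: sh dirtyclone_audit.sh run   (functions can also be sourced individually)
case "${1:-}" in
    run) audit_host ;;
esac
```

The two helper functions take their inputs as arguments or on stdin so that the classification logic can be exercised on constructed values without touching the host; `audit_host` wires them to the real `/proc` files.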
The discovery of DirtyClone underscores the persistent challenges in securing the Linux kernel against privilege escalation vulnerabilities. It highlights the need for continuous vigilance and prompt patching to protect systems from such exploits.