DirtyClone: Analyzing and Exploiting the New DirtyFrag Linux Kernel Vulnerability (CVE‑2026‑43503)
The article dissects DirtyClone, a new DirtyFrag variant (CVE‑2026‑43503) that leverages the XFRM/IPsec path to achieve local privilege escalation on Linux, outlines its impact, timeline, technical exploitation steps, and provides mitigation recommendations for affected distributions.
Vulnerability Overview
DirtyClone is the latest member of the DirtyFrag memory‑corruption family. It targets the core network stack by sharing a socket buffer (skb) page with the page cache, enabling an in‑place encryption transformation to be weaponized.
Impact : any unprivileged local user can manipulate the Linux page cache to obtain root access (LPE). The attack leaves no kernel logs, evades typical disk‑integrity monitors, and works on popular distributions that enable unprivileged user namespaces.
Affected Scope
Affected distributions: Debian, Ubuntu, Fedora and other releases that enable unprivileged user namespaces.
Affected kernels: versions that have not applied all DirtyFrag patches.
High‑risk scenarios: multi‑tenant cloud environments, Kubernetes clusters, and container workloads with user namespaces or privileged containers.
Timeline
May 4 – DirtyFrag patches (CVE‑2026‑43284, CVE‑2026‑43500) land in the mainline kernel, fixing the missing SKBFL_SHARED_FRAG flag for spliced UDP packets.
May 13 – Fragnesia (CVE‑2026‑46300) disclosed; patches enter the netdev branch.
May 16 – Upstream multi‑site patch series adds remaining frag‑transfer helpers.
May 19 – JFrog independently discovers the __pskb_copy_fclone variant, builds a PoC and reports it.
May 21 – Patch merged to mainline (commit 48f6a5356a33).
May 23 – CVE‑2026‑43503 assigned.
May 24 – Linux v7.1‑rc5 released, providing the first fix.
Technical Mechanism
Core Problem
DirtyFrag exploits the overlap of three memory roles that the modern Linux kernel does not strictly separate:
File‑backup memory (page cache for executables and regular files).
Network buffers (zero‑copy packet data).
In‑place transformation (e.g., encryption/decryption writing back to the same buffer).
When these contexts intersect, the kernel may modify memory that is still associated with file semantics, corrupting the file‑backup data.
The attack reuses a single physical page both as file data (page cache) and as network packet data (skb).
Exploitation Steps
Map a privileged binary – The attacker maps /usr/bin/su into the page cache. /usr/bin/su → page‑cache page (RAM) Craft an IPsec packet – Using vmsplice and splice, the attacker attaches the page‑cache backup to an skb instead of copying data.
int fd = open("/usr/bin/su", O_RDONLY);
char *p = mmap(NULL, mmap_size, PROT_READ, MAP_SHARED, fd, 0);
struct iovec iov = { .iov_base = p + patch_offset, .iov_len = 16 };
vmsplice(pipefd[1], &iov, 1, 0);
splice(pipefd[0], NULL, sockfd, NULL, 16, 0);Loopback IPsec tunnel – The attacker creates a local IPsec tunnel so the packet stays within the host, ensuring the same kernel processes it.
Packet created by attacker.
Same kernel processes the packet.
Packet passes through the IPsec receive path.
Control decryption output – By choosing the AES‑CBC key, IV and payload layout, the attacker forces a predictable output at a chosen offset after in‑place decryption.
Patch the su binary – The primitive writes a few bytes (e.g., bypassing the authentication branch) into the cached page.
original su page → IPsec write primitive → modified su pageWhen /usr/bin/su is executed again, the kernel reuses the modified cache page, runs the altered instructions, and the attacker gains root.
DirtyFrag Fix Mechanism
The original DirtyFrag fix sets the SKBFL_SHARED_FRAG flag on spliced UDP packets. This flag marks skb data that references a shared (potentially file‑backup) page, forcing the subsystem to perform copy‑on‑write before any in‑place operation.
detect shared page → SKBFL_SHARED_FRAG = 1 → copy skb → safe decryptionFragnesia and CVE‑2026‑43503 patches ensure the flag propagates correctly between functions, preventing accidental loss.
Exploitation Scenario
Environment Setup
The attacker needs CAP_NET_ADMIN (often obtainable via unprivileged user namespaces) to control network interfaces, routes and XFRM/IPsec policies. unshare -Urn Then a loopback‑based IPsec tunnel is configured:
ip link set lo up
ip addr add 10.99.0.2/24 dev lo
ip xfrm state add \
src 127.0.0.1 dst 127.0.0.1 \
proto esp spi 0x12345678 reqid 1 mode transport \
enc 'cbc(aes)' ... \
auth 'hmac(sha1)' ...
ip xfrm policy add \
src 127.0.0.1 dst 127.0.0.1 dir out \
tmpl src 127.0.0.1 dst 127.0.0.1 proto esp reqid 1 mode transport
iptables -t mangle -A OUTPUT -p udp --dport 4500 \
-j TEE --gateway 10.99.0.2TEE’s Critical Role
TEE duplicates the outgoing packet, invoking nf_dup_ipv4 and ultimately __pskb_copy_fclone() to create a cloned skb.
Original skb follows the normal path.
Cloned skb follows the vulnerable transformation path.
The cloned skb loses the SKBFL_SHARED_FRAG flag, which is the root cause of the DirtyClone bypass.
Privilege‑Escalation Primitive
Both skb instances travel through the loopback IPsec configuration. When the cloned skb reaches esp_input(), in‑place decryption writes directly into the shared page cache that backs /usr/bin/su:
file‑backup page (page cache)
├─ /usr/bin/su content
└─ skb payload referenceBy controlling the AES‑CBC key, IV and packet layout, the attacker turns decryption into a controlled write primitive, patching the su binary in memory without touching the on‑disk file.
Mitigation Recommendations
Update immediately : upgrade the kernel to v7.1‑rc5 or apply back‑ported patches for CVE‑2026‑43503.
Temporary mitigations (if patches cannot be applied):
Set kernel.unprivileged_userns_clone=0 to block CAP_NET_ADMIN acquisition.
Blacklist the esp4, esp6 and rxrpc kernel modules to prevent the in‑place decryption primitive.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Black & White Path
We are the beacon of the cyber world, a stepping stone on the road to security.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.
