Critical ‘DirtyClone’ Flaw Grants Root Privileges Across Linux Ecosystem – Open Source For You

A newly disclosed Linux kernel vulnerability named “DirtyClone” lets a local attacker bypass read-only protections, modify file-backed memory while it is in flight through the network stack, and gain full root access without leaving a trace on disk.

DirtyClone is a severe local privilege escalation (LPE) flaw in the Linux kernel with a CVSS score of 8.8. It allows an unprivileged local user to bypass read-only memory protections, corrupt file-backed data in the page cache, and gain full root privileges.

Part of the “DirtyFrag” family, it is the fourth recent exploit, after Copy Fail (CVE-2026-31431), DirtyFrag (CVE-2026-43284 / 43500) and Fragnesia (CVE-2026-46300), to abuse the interaction between zero-copy networking optimisations and the system page cache.

Technical Mechanics & Exploitation

  • The missing flag: The kernel uses the SKBFL_SHARED_FRAG flag to mark network packets whose fragments reference disk-backed page-cache memory. When a write would touch such a fragment, the flag forces a safe copy-on-write (COW) step so the shared page is copied before it is modified. However, the internal packet-cloning helpers, specifically __pskb_copy_fclone() and skb_shift(), fail to propagate this safety flag to the cloned copy.

  • The attack chain: The attacker maps a privileged, read-only binary (such as /usr/bin/su) into memory, attaches those page-cache pages to a network packet as zero-copy fragments, and forces the kernel to clone the packet. The clone, now missing the flag, is routed through an attacker-controlled loopback IPsec tunnel. During in-place decryption the kernel treats the page-cache pages as an ordinary writable network buffer, so the attacker’s chosen bytes land on top of the binary’s authentication checks.

  • Bypassing detection: Because the changes happen entirely in the kernel’s volatile page cache, the copy on disk stays pristine: the tampered pages are never marked dirty, so they are never written back. File-integrity monitors that trust the on-disk copy, or that only re-check a file when they see a write, are blind to this and no audit trail is left. The modification disappears when the page is evicted from the cache or the system reboots. Note that anything reading the file through the page cache, including the loader that executes it, does see the tampered content.
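Because the tampered pages live only in the page cache, the cached view of a file and the on-disk view can be compared directly, which is the check a responder wants when this class of bug is suspected. The script below is an added example, not part of the article or of the kernel fix: it hashes a file once through the page cache (what execve(), cat and most integrity agents read) and once with dd’s iflag=direct, which opens the file O_DIRECT and bypasses the cache. A mismatch means the cached pages no longer match the disk. The exit codes, the setuid-binary scan and the temp-file handling are this example’s own choices.

```sh
#!/bin/sh
# Added example: detect page-cache-only tampering by comparing the cached view
# of a file with its on-disk view. Not from the article or the kernel patch.
set -u

# What execve(), cat and most integrity agents see: a read served from the
# page cache, tampered pages included.
cached_hash() {
    sha256sum < "$1" | cut -d' ' -f1
}

# What is actually on the block device: O_DIRECT bypasses the page cache.
# Prints nothing and returns 2 if the filesystem refuses direct I/O
# (tmpfs on older kernels, some FUSE/overlay setups).
direct_hash() {
    tmp=$(mktemp) || return 2
    if ! dd if="$1" of="$tmp" iflag=direct bs=4096 2>/dev/null; then
        rm -f "$tmp"
        return 2
    fi
    sha256sum < "$tmp" | cut -d' ' -f1
    rm -f "$tmp"
}

# Returns 0 if both views agree, 1 if they diverge (cached pages were modified
# without a matching write to disk), 2 if direct I/O is unavailable.
check_file() {
    c=$(cached_hash "$1") || return 2
    d=$(direct_hash "$1") || return 2
    if [ "$c" = "$d" ]; then
        echo "OK       $1"
        return 0
    fi
    echo "MISMATCH $1 cached=$c disk=$d"
    return 1
}

# Check the given files, or every setuid binary (the targets an LPE of this
# kind overwrites) when no arguments are given. Returns 1 if any diverged.
scan() {
    rc=0
    if [ "$#" -eq 0 ]; then
        set -- $(find /usr/bin /usr/sbin /bin /sbin -xdev -perm -4000 -type f 2>/dev/null)
    fi
    for f in "$@"; do
        check_file "$f"
        r=$?
        [ "$r" -eq 1 ] && rc=1
    done
    return $rc
}

# Usage: sh cache_vs_disk.sh --scan [FILE...]
# Guarded so the functions can also be sourced from another script.
if [ "${1-}" = "--scan" ]; then
    shift
    scan "$@"
fi
```

Run it as root right after suspected exploitation, before any reboot: once the tampered pages are evicted (a reboot, memory pressure, or `echo 3 > /proc/sys/vm/drop_caches`) the evidence is gone and both hashes agree again. A MISMATCH on a file nobody has legitimately written is the signal; a return of 2 only means the filesystem does not support direct I/O, not that the file is clean.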

While single-user dedicated servers face little risk, DirtyClone is highly dangerous for multi-tenant environments, container hosts, Kubernetes clusters and CI/CD runners, anywhere untrusted users can execute code on a shared kernel.

Although the exploit requires the CAP_NET_ADMIN capability, ordinary users on distributions such as Debian, Ubuntu and Fedora can obtain it automatically by spawning an unprivileged user namespace, which grants CAP_NET_ADMIN over the namespace’s own network stack and is enough to set up the loopback IPsec path. The definitive fix was merged into the mainline Linux kernel (commit 48f6a5356a33) and released in Linux v7.1-rc5 on 24 May 2026. Major distributions have backported the fix to their stable and LTS branches.

If immediate patching and rebooting are not possible, administrators should apply these temporary workarounds:

  1. Restrict user namespaces: Disable unprivileged namespace creation by running:

    sysctl -w kernel.unprivileged_userns_clone=0 (on Debian/Ubuntu).

    This knob is a Debian/Ubuntu kernel patch; on kernels without it the equivalent is user.max_user_namespaces=0, which applies to every user, root included, so rootless containers and sandboxing tools such as bubblewrap stop working. Persist whichever key you use under /etc/sysctl.d/ or the setting is lost at reboot.

  2. Blacklist vulnerable modules: Disable the modules responsible for the in-place decryption paths by running:

    rmmod esp4 esp6 rxrpc (ensure your environment does not actively rely on IPsec VPNs or AFS deployments).

    rmmod only unloads a module that is currently idle; the kernel will autoload it again the next time an ESP state or an AF_RXRPC socket is requested, which the attacker can trigger from inside a user namespace. Add a blacklist plus an install rule pointing at /bin/false under /etc/modprobe.d/ so the modules cannot be reloaded, or set kernel.modules_disabled=1 once everything the host needs is loaded.
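The two workarounds above only hold if they survive a reboot and a module autoload request, so they are usually scripted together. The script below is an added example, not part of the article: it picks the user-namespace sysctl that exists on the running kernel, writes persistent sysctl.d and modprobe.d fragments, unloads the three modules the article names, and reports any that stay loaded because something still uses them. The file paths under /etc and the exit codes are this example’s own choices.

```sh
#!/bin/sh
# Added example: make the article's two temporary workarounds persistent.
# Not from the article; paths under /etc are this script's own choices.
set -u

USERNS_CONF=/etc/sysctl.d/99-dirtyclone-userns.conf
MODPROBE_CONF=/etc/modprobe.d/dirtyclone.conf
MODULES="esp4 esp6 rxrpc"

# Pick the sysctl this kernel actually has: Debian/Ubuntu carry the
# out-of-tree unprivileged_userns_clone knob; mainline only has the per-user
# namespace limit, which with 0 also stops root from creating namespaces.
userns_sysctl_key() {
    if [ -e /proc/sys/kernel/unprivileged_userns_clone ]; then
        echo kernel.unprivileged_userns_clone
    else
        echo user.max_user_namespaces
    fi
}

# Render a sysctl.d fragment that sets the given key to 0.
render_sysctl_conf() {
    printf '%s = 0\n' "$1"
}

# Render a modprobe.d fragment. "blacklist" only stops alias-based autoload;
# "install X /bin/false" also defeats an explicit modprobe and the kernel's
# own request_module() when an ESP state or AF_RXRPC socket is created.
render_modprobe_conf() {
    for m in "$@"; do
        printf 'blacklist %s\ninstall %s /bin/false\n' "$m" "$m"
    done
}

# Read lsmod output on stdin and print which of the named modules are loaded.
loaded_from_lsmod() {
    awk -v want="$*" '
        BEGIN { n = split(want, a, " "); for (i = 1; i <= n; i++) w[a[i]] = 1 }
        NR > 1 && ($1 in w) { print $1 }'
}

# Apply everything. Returns 1 if not root, 2 if a module is still loaded
# (an IPsec SA or AFS mount is holding it and must be torn down first).
apply_workarounds() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "must run as root" >&2
        return 1
    fi
    key=$(userns_sysctl_key)
    render_sysctl_conf "$key" > "$USERNS_CONF"
    sysctl -w "$key=0"
    render_modprobe_conf $MODULES > "$MODPROBE_CONF"
    for m in $MODULES; do
        rmmod "$m" 2>/dev/null || true   # not loaded, or still in use
    done
    still=$(lsmod | loaded_from_lsmod $MODULES)
    if [ -n "$still" ]; then
        echo "still loaded, tear down IPsec/AFS first: $still" >&2
        return 2
    fi
    return 0
}

# Usage: sh dirtyclone_workarounds.sh --apply
# Guarded so the render/check functions can be sourced and tested separately.
if [ "${1-}" = "--apply" ]; then
    apply_workarounds
fi
```

The modprobe.d fragment is what actually closes the gap: after `rmmod`, a user in a fresh user namespace can still cause the kernel to request esp4 or rxrpc again, and `install esp4 /bin/false` makes that request fail. Remove both fragments once the patched kernel is running, and remember that user.max_user_namespaces=0 breaks legitimate namespace users on the host.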