https://blog.kalfaoglu.net/tags/kernel/Recent content in Kernel on kalfaoglu.netHugoenSun, 28 Jun 2026 00:00:00 +0000https://blog.kalfaoglu.net/posts/2026-06-28-dirtyclone-cve-2026-43503-linux-lpe-en/Sun, 28 Jun 2026 00:00:00 +0000https://blog.kalfaoglu.net/posts/2026-06-28-dirtyclone-cve-2026-43503-linux-lpe-en/<p>On June 25, 2026, JFrog Security Research published a working exploit walkthrough for a Linux kernel privilege escalation they named <a href="https://thehackernews.com/2026/06/new-dirtyclone-linux-kernel-flaw-lets.html">DirtyClone</a>. Tracked as <a href="https://ubuntu.com/security/CVE-2026-43503">CVE-2026-43503</a> with a CVSS score of 8.8, it lets any local user on an unpatched system escalate to root — and the attack leaves nothing on disk for forensic tools to find. That combination should get a hosting operator&rsquo;s attention.</p> <h2 id="what-the-bug-is">What the Bug Is</h2> <p>The flaw lives in <code>__pskb_copy_fclone()</code>, a kernel function that copies network packets internally. When a packet is cloned, this function — and a handful of related fragment-transfer helpers — drops a safety flag called <code>SKBFL_SHARED_FRAG</code>. That flag marks packet memory as shared with a file on disk. Once it&rsquo;s gone, the kernel no longer treats the memory as read-only, and an attacker can write to it.</p>