DirtyClone (CVE-2026-43503): The Linux Kernel Flaw That Leaves No Trace
On June 25, 2026, JFrog Security Research published a working exploit walkthrough for a Linux kernel privilege escalation they named DirtyClone. Tracked as CVE-2026-43503 with a CVSS score of 8.8, it lets any local user on an unpatched system escalate to root — and the attack leaves nothing on disk for forensic tools to find. That combination should get a hosting operator’s attention. What the Bug Is The flaw lives in __pskb_copy_fclone(), a kernel function that copies network packets internally. When a packet is cloned, this function — and a handful of related fragment-transfer helpers — drops a safety flag called SKBFL_SHARED_FRAG. That flag marks packet memory as shared with a file on disk. Once it’s gone, the kernel no longer treats the memory as read-only, and an attacker can write to it. ...