
A newly uncovered Linux kernel vulnerability named “DirtyClone” allows attackers to bypass read-only protections, manipulate memory in-flight, and gain full root access without leaving a footprint on the disk.
DirtyClone is a severe local privilege escalation (LPE) flaw in the Linux kernel with a CVSS score of 8.8. It allows an unprivileged local user to bypass read-only memory protections, corrupt file-backed data, and gain full root privileges.
Part of the “DirtyFrag” family, it is the fourth recent exploit—following Copy Fail (CVE-2026-31431), DirtyFrag (CVE-2026-43284 / 43500), and Fragnesia (CVE-2026-46300)—to abuse interactions between zero-copy networking optimisations and the system page cache.
Technical Mechanics & Exploitation
- The Missing Flag: The kernel uses the SKBFL_SHARED_FRAG flag to mark network packets referencing disk-backed page-cache memory. This marker triggers a safe Copy-on-Write (COW) sequence if modifications are made. However, internal packet-cloning helpers—specifically __pskb_copy_fclone() and skb_shift()—fail to propagate this safety flag to the cloned copy.
- The Attack Chain: An attacker loads a privileged, read-only binary (such as /usr/bin/su) into memory, links those memory pages to a network packet, and forces a clone. The unflagged clone is routed through an attacker-controlled loopback IPsec processing tunnel. During in-place decryption, the kernel treats the page-cache memory as a standard writable network buffer, allowing the attacker to seamlessly overwrite the binary’s authentication checks.
- Bypassing Detection: Because changes occur exclusively within the kernel’s volatile page-cache memory, the physical file on disk remains pristine. As a result, traditional file-integrity monitoring tools are completely blinded, leaving no audit trail. The injected memory changes vanish entirely upon a system reboot.
While single-user dedicated servers face minimal risk, DirtyClone is highly dangerous for multi-tenant environments, container hosts, Kubernetes clusters, and CI/CD runners where untrusted users execute code.
Although the exploit requires the CAP_NET_ADMIN capability, standard users on distributions like Debian, Ubuntu, and Fedora can automatically acquire this by spawning unprivileged user namespaces. The definitive fix was merged into the mainline Linux kernel (commit 48f6a5356a33) and released in Linux v7.1-rc5 on 24 May 2026. Major distributions have backported the fix to stable and LTS branches.
If immediate patching and rebooting are not possible, administrators should apply these temporary workarounds:
- Restrict User Namespaces: Disable unprivileged namespace creation by running: sysctl -w kernel.unprivileged_userns_clone=0 (on Debian/Ubuntu).
- Blacklist Vulnerable Modules: Disable the modules responsible for the in-place decryption paths by running: rmmod esp4 esp6 rxrpc (ensure your environment does not actively rely on IPsec VPNs or AFS deployments).
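Before applying the two workarounds above, an administrator will want to know whether a host is exposed at all. The following is an added example, not code from the article or from any kernel or distribution project: a POSIX shell script that reports whether the esp4, esp6 and rxrpc modules are loaded and whether the Debian/Ubuntu unprivileged_userns_clone sysctl is enabled. It changes nothing, and is run here against constructed sample files standing in for /proc/modules and the sysctl node.

```shell
#!/bin/sh
# Added example (not from the original article): read-only exposure check for the
# DirtyClone workarounds. File paths are parameters so the same functions can run
# against the constructed sample below or against the live /proc tree.

# Print each of the in-place decryption modules present in a /proc/modules-format file.
# Usage: loaded_vuln_modules /proc/modules
loaded_vuln_modules() {
    modfile="$1"
    for m in esp4 esp6 rxrpc; do
        # /proc/modules lines start with "<name> <size> <refcount> ..."
        if awk -v name="$m" '$1 == name { found = 1 } END { exit !found }' "$modfile"; then
            printf '%s\n' "$m"
        fi
    done
}

# Returns 0 when unprivileged user namespace creation is enabled, 1 when it is
# disabled, 2 when the Debian/Ubuntu sysctl node does not exist on this kernel.
# Usage: userns_enabled /proc/sys/kernel/unprivileged_userns_clone
userns_enabled() {
    sysctlfile="$1"
    [ -r "$sysctlfile" ] || return 2
    [ "$(cat "$sysctlfile")" = "1" ]
}

# Combine both checks into a one-line verdict string.
# Usage: dirtyclone_exposure <modules-file> <sysctl-file>
dirtyclone_exposure() {
    mods=$(loaded_vuln_modules "$1" | tr '\n' ' ')
    if userns_enabled "$2"; then ns="userns=enabled"; else ns="userns=restricted-or-unknown"; fi
    printf 'modules_loaded=[%s] %s\n' "${mods% }" "$ns"
}

# Constructed sample input standing in for /proc/modules and the sysctl node.
tmp=$(mktemp -d)
cat > "$tmp/modules" <<'EOF'
esp4 16384 0 - Live 0x0000000000000000
xfrm_algo 20480 1 esp4, Live 0x0000000000000000
rxrpc 1179648 1 afs, Live 0x0000000000000000
EOF
printf '1\n' > "$tmp/userns"

dirtyclone_exposure "$tmp/modules" "$tmp/userns"
# Live host: dirtyclone_exposure /proc/modules /proc/sys/kernel/unprivileged_userns_clone
```

A host that reports loaded modules together with userns=enabled is the case the article's workarounds address; a restricted or absent sysctl still leaves the rmmod step worth considering where IPsec and AFS are unused.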