DirtyClone (CVE-2026-43503) is a local privilege escalation vulnerability in the Linux kernel with a CVSS score of 8.8. It is a variant of the DirtyFrag vulnerability family, involving memory corruption due to improper handling of socket buffers (skb) referencing shared page-cache memory. The kernel does not properly separate page cache used for executables/files from packet data processed via zero-copy paths and in-place cryptographic transformations, leading to file-backed memory corruption. The vulnerability was fixed on May 24, 2026, with the full chain of patches culminating in Linux kernel version v7.1-rc5. Systems missing any of these patches remain vulnerable. The flaw allows local users with CAP_NET_ADMIN capability to gain root privileges, posing a high risk to multi-tenant and containerized environments. The vulnerability affects popular Linux distributions that enable unprivileged user namespaces if they run vulnerable kernel versions.

The vulnerability allows unprivileged local users with CAP_NET_ADMIN capability to escalate privileges to root by exploiting memory corruption in the Linux kernel's page cache handling. This can compromise the entire system, especially in environments where multiple tenants or containers share the same kernel. The impact is high due to the potential for full system compromise. However, no known exploits in the wild have been reported at the time of disclosure.

A complete fix is available and was released on May 24, 2026. Updating to Linux kernel version v7.1-rc5 or later, which includes the full chain of patches addressing DirtyFrag and related vulnerabilities, mitigates this issue. Systems that have only partially applied patches remain vulnerable. Administrators should verify that their kernel includes all relevant fixes (CVE-2026-43284, CVE-2026-43500, CVE-2026-46300, and CVE-2026-43503). No additional mitigation is required if the system is fully patched.