
Two Linux kernel privilege escalation exploits dropped this week, within days of each other, and both have working public proof-of-concept code. The first is DirtyClone (CVE-2026-43503), a new member of the DirtyFrag family, for which JFrog Security Research published a working exploit walkthrough on June 25. The second is pedit COW (CVE-2026-46331), which poisons binaries in memory while leaving disk files completely untouched – meaning file-integrity tools give an all-clear while a root shell is already running. Both are patched. Whether your systems are running those patches is a different question.
How DirtyClone Actually Works
DirtyClone (CVE-2026-43503) lives in the kernel packet cloning code. When the kernel internally copies a network packet, two helper functions – __pskb_copy_fclone() and skb_shift() – drop a safety flag called SKBFL_SHARED_FRAG. That flag marks the packet memory as shared with a file on disk. Without it, the kernel no longer knows the memory is off-limits for writes.
The exploit chain goes like this: load a privileged binary like /usr/bin/su into memory, wire those memory pages into a network packet, force the kernel to clone it through an IPsec tunnel you control, and let the decryption step overwrite the binary's authentication checks with attacker-controlled bytes. The result is a root shell. The attack leaves no kernel logs, triggers no audit traces, and bypasses on-disk integrity monitoring because the disk copy is never touched. CVSS score: 8.8.
The DirtyFrag Family Is Getting More Reliable, Not Less
DirtyClone is not an isolated bug. It is the latest member of a growing vulnerability class with a now-familiar lineage:
- DirtyCow (2016): Race condition in page cache copy-on-write – the bug that put this class on the map
- DirtyPipe (2022): Write arbitrary data to read-only files via pipe; hit Android too
- DirtyFrag (May 2026): No race condition needed – deterministic local privilege escalation across Ubuntu, RHEL, Fedora, and openSUSE
- DirtyClone (June 2026): Targets the packet cloning path; same deterministic exploit class
- pedit COW (June 2026): Corrupts in-memory binary copies; file-integrity tooling is completely blind to it
The trend is clear. Each iteration is more reliable and harder to detect. DirtyCow required a race condition that sometimes crashed the kernel. DirtyFrag and DirtyClone do not. This is a systemic issue in how the Linux kernel tracks page-cache ownership across different code paths – and security researchers are finding new attack surfaces within it every few months.
pedit COW: The Sneakier Exploit
CVE-2026-46331 (pedit COW) is arguably the more alarming of the two for security teams. It exploits an out-of-bounds write in act_pedit, the packet-editing action inside the kernel traffic control subsystem. The exploit poisons the cached copy of /bin/su in memory – the binary on disk stays completely clean. Tools like AIDE or Wazuh that check file hashes will report no changes. The root shell is already open by the time anyone looks.
Prerequisites are limited: act_pedit must be loadable and unprivileged user namespaces must be open – both common in default configurations. A working public exploit appeared within one day of the June 16 CVE assignment. Affected versions run from Linux v5.18 through v7.1-rc6. TuxCare’s breakdown notes that the fix was originally buried in a routine data-corruption patch on the netdev mailing list – no security warning, no CVE, just sitting there for weeks.
Who Is Actually at Risk
“Requires local access” is a phrase security teams use to deprioritize patches. It is increasingly wrong. Multi-tenant cloud VMs, Kubernetes cluster nodes where pods share a kernel, CI/CD build runners that execute third-party pull request code, developer VMs, and shared staging environments all represent scenarios where an untrusted user has local access. JFrog confirmed successful exploits on Debian, Ubuntu, and Fedora with default namespace configurations. This is not theoretical.
What to Do Right Now
Both flaws are patched upstream. The DirtyClone fix was merged on May 21 (Linux v7.1-rc5). pedit COW is patched in v7.1-rc7. Distro patches are available for Debian (Bullseye, Bookworm, Trixie) and Ubuntu. Check the Ubuntu advisory and your distribution's security tracker for the relevant kernel version.
If immediate patching is not possible, apply these mitigations:
- DirtyClone: disable unprivileged user namespaces. On Debian/Ubuntu run sysctl -w kernel.unprivileged_userns_clone=0; on RHEL/Fedora run sysctl -w user.max_user_namespaces=0.
- DirtyClone (alternative): blacklist the affected modules esp4, esp6, and rxrpc.
- pedit COW: block the module by adding install act_pedit /bin/true to /etc/modprobe.d/disable-pedit.conf.
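One way to check whether the interim mitigations listed above are actually in place on a host, as an added example that is not code from the article or its sources. The function names, the ROOT prefix argument and the --live switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the interim mitigations listed above on one host.
# ROOT is a filesystem prefix ("" = the live host), so the same checks can
# run against a mounted image or a constructed test tree.
# Assumption: only /etc/modprobe.d/*.conf is searched for module rules.

userns_restricted() {    # ROOT -> 0 if unprivileged user namespaces are disabled
    for f in "$1/proc/sys/kernel/unprivileged_userns_clone" \
             "$1/proc/sys/user/max_user_namespaces"; do
        if [ -r "$f" ] && [ "$(cat "$f")" = "0" ]; then return 0; fi
    done
    return 1
}

module_blocked() {       # ROOT MODULE -> 0 if not loaded and a rule blocks it
    # A modprobe.d rule does not unload a module that is already resident.
    if grep -qs "^$2 " "$1/proc/modules"; then return 1; fi
    grep -Eqs "^[[:space:]]*(blacklist[[:space:]]+$2|install[[:space:]]+$2[[:space:]]+/bin/(true|false))[[:space:]]*$" \
        "$1"/etc/modprobe.d/*.conf
}

dirtyclone_mitigated() { # userns disabled, or esp4, esp6 and rxrpc all blocked
    userns_restricted "$1" && return 0
    for m in esp4 esp6 rxrpc; do
        module_blocked "$1" "$m" || return 1
    done
    return 0
}

pedit_mitigated() {      # act_pedit blocked from loading
    module_blocked "$1" act_pedit
}

report() {               # ROOT -> prints one line per CVE, returns open gaps
    gaps=0
    if dirtyclone_mitigated "$1"; then echo "OK  CVE-2026-43503 mitigation in place"
    else echo "GAP CVE-2026-43503 no mitigation found"; gaps=$((gaps + 1)); fi
    if pedit_mitigated "$1"; then echo "OK  CVE-2026-46331 mitigation in place"
    else echo "GAP CVE-2026-46331 no mitigation found"; gaps=$((gaps + 1)); fi
    return "$gaps"
}

# Hypothetical switch: audit the running host only when asked to.
if [ "${1:-}" = "--live" ]; then report ""; exit $?; fi
```

A value set with sysctl -w does not survive a reboot, so a host that passes today needs the same setting under /etc/sysctl.d to keep passing. A blacklist line only stops alias-based autoloading, while the install ... /bin/true form also blocks an explicit modprobe.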
Two serious Linux kernel privilege escalation exploits, both with public PoC code, were published in the same week. The DirtyFrag bug class is not winding down – researchers are finding more attack surfaces in the same architectural problem. Security teams that treat “local access only” as a reason to deprioritize patching are making a bet that their CI runners, cloud VMs, and Kubernetes nodes will never host a malicious user. That is a bet worth reconsidering.













