A newly disclosed Linux kernel vulnerability called DirtyClone (CVE-2026-43503) allows local users to escalate privileges to root by exploiting a flaw in the handling of cloned network packets that share file-backed memory. Attackers with CAP_NET_ADMIN can manipulate in-memory copies of privileged binaries without altering the disk files, evading detection and gaining root access once the binaries are executed. The Linux kernel patch fixing this issue was released in May 2026, and users are urged to apply updates or restrict unprivileged user namespaces to mitigate the risk.
https://thehackernews.com/2026/06/new-dirtyclone-linux-kernel-flaw-lets.html