🟠 High | Source: The Hacker News
A newly disclosed Linux kernel vulnerability, CVE-2026-43503 (dubbed DirtyClone), allows a local user to corrupt file-backed memory via a cloned network packet and escalate privileges to root. It belongs to the DirtyFrag family of kernel flaws and carries a CVSS score of 8.8. JFrog Security Research published a working exploit walkthrough on 25 June 2026, making this immediately actionable for defenders.
Security Architect’s Take: Prioritise patching Linux kernel versions affected by CVE-2026-43503 across all cloud VM fleets and container hosts — pay particular attention to multi-tenant environments where local access by unprivileged users is possible, as a container escape or compromised pod could lead to host root. Verify your cloud provider’s managed node images (EKS, GKE, AKS) have applied the upstream patch and enforce kernel update policies via your IaC or node auto-upgrade mechanisms.
Original advisory: New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets