New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets

The Hacker News

Overview

DirtyClone is a new privilege escalation vulnerability in the Linux kernel that lets a local user gain root by corrupting file-backed memory through a cloned network packet. The flaw is tracked as CVE-2026-43503 and has a CVSS score of 8.8 (high severity). JFrog Security Research demonstrated a working exploit on June 25, the first public demonstration for this variant. Because the attacker needs only local access, any affected system that runs code from untrusted or low-privileged users is exposed to full takeover until it is updated. A patch has been released, and users should apply it as soon as possible.

Original Article Summary

DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant. Tracked as CVE-2026-43503 (CVSS 8.8), it lets a local user corrupt file-backed memory through a cloned network packet and gain root. The patch landed in

Impact

Linux kernel versions affected by CVE-2026-43503, particularly those that allow local users to exploit cloned network packets.

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly, since JFrog Security Research has published a working exploit walkthrough.

Timeline

Newly disclosed

Remediation

A patch has been released for the vulnerability, and users are advised to apply this update immediately to secure their systems against potential exploitation.

