—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Privilege escalation vulnerability in Linux kernel (DirtyClone)

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Linux Kernel versions 5.x.x to 7.x.x

Overview

A vulnerability commonly referred to as ‘DirtyClone’ has been reported in the Linux Kernel that could allow an authenticated local attacker to escalate privileges on the affected system.

Target Audience:

All organizations and individuals running affected versions of Linux Kernel.

Risk Assessment:

High risk of local privilege escalation and unauthorized access to sensitive kernel memory.

Impact Assessment:

Potential for privilege escalation, unauthorized modification of protected files, system compromise and disruption of affected systems.

Description

The Linux kernel is the core component of many operating systems, responsible for managing hardware resources and providing essential system services and memory management functionality.

This vulnerability exists in the Linux Kernel due to improper propagation of the SKBFL_SHARED_FRAG flag during packet processing in the networking subsystem. An authenticated local attacker could exploit this flaw to manipulate kernel memory, leading to privilege escalation and root access.

Successful exploitation of this vulnerability could allow an authenticated local attacker to gain elevated privileges, potentially resulting in the complete compromise of the affected system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://www.kernel.org/

Vendor Information

Linux Kernel

https://www.kernel.org/

References

 

https://www.kernel.org/

CVE Name

CVE-2026-43503

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpCf34ACgkQ3jCgcSdc

ys9E+w//c8IYg1Mu/UrnVh/zHlPx/qsF9BtnMRgQKdzndzDAK2FNmOYS3YQke4nQ

hxz/CDImUEDvChDJFFXa6NL+wj2POAIADQwk3tPmqodtfcZNKktYsU4YWNStCF7n

BYQiXZEuqb53jDWBVgh+fkqriUPsGDLPs3u8LD+Z1MAPHfZ4ETmLLYUPW8PhzETh

pBEtjLy6Eq318NwZChzPraVmqvMwTcPI/dmYcL/eoh0Z12YahrLkg19ZWABSBwOo

bo2gJuokqbF09zvcfuaTzwS7fdGpOm82NDzoouMm4O88q7k4qg2jC7JC+COLzjRq

FewX0/3pc4fe/nfj77sxdjoRx+J4IK/0aOvNl7qLDgQjW8aKDajEVQejDmOGu60F

tpqmqWR9nOvmxURaCrtpg8nsKYxyASUwfNdJyX865XJOgr1sv87eduknpGYxwUYl

BUoUPtzkfqoLGGyN205UK63/1PUupmuI0DCEo8nFRS2N8qx2I+C2Wg4sgxYNwM7A

suvy+gPaZzapjVSJRSNHJZhZLLQBPuImAsFK+yHossHmlZC0uWwgFTQR2tzCBwIg

I/rXPx8asvkxdEgJJi8m8HQ69MyICWj0nBo8rPprAs/FDA1zmEN7SqTG2TqqNNYP

0RMRxlhc+HnFr/Og0zpkyDb34f5JOV2Qm5AQeRMRU1kWmEpEmdo=

=uLBo

—–END PGP SIGNATURE—–