Proof-of-Concept Exploits Released for Two Linux Kernel Privilege Escalation Flaws

Researchers have published proof-of-concept exploits for two Linux kernel vulnerabilities, CVE-2026-43503 (DirtyClone) and CVE-2026-46331, both of which can enable local privilege escalation on unpatched systems. The DirtyClone vulnerability, bypasses previous protections against the DirtyFrag vulnerability class by exploiting flaws in packet cloning during IPsec processing, allowing attackers to modify page-cache memory and gain root privileges. The second flaw affects the Linux kernel’s traffic control packet editing subsystem, where an out-of-bounds write can corrupt page-cache memory, potentially leading to privilege escalation or system crashes. Security researchers recommend applying the latest kernel updates immediately or implementing vendor-recommended mitigations, such as restricting vulnerable kernel modules and limiting privileged networking capabilities.

Reference: scworld.com