New DirtyClone Linux Kernel Flaw Enables Local Root Access

A dangerous new Linux kernel vulnerability, dubbed DirtyClone, has been disclosed this week. The flaw enables unprivileged local users to escalate their privileges to root by manipulating the Linux page cache. It is considered a variant of the previously known DirtyFrag vulnerability, following a similar exploitation pattern.

SecurityWeek reports the vulnerability allows an attacker with local access to gain full root control over an affected system. This makes it a significant threat in multi-user environments or any scenario where an attacker has already achieved a foothold. No CVSS score or CVE identifier were provided in the available sources.

DirtyClone operates by exploiting how the kernel handles page cache operations. A local attacker can craft specific operations to corrupt cache data or elevate permissions, leading to complete system compromise. Because the attack requires local access, it is not an immediate threat from the internet, but greatly amplifies danger after an initial breach.

No patches or specific mitigation steps were mentioned in the reports. Administrators should monitor official Linux distribution channels for updates and apply kernel patches promptly once released. In the interim, restricting local user access and auditing system activity can help reduce risk.

Attribution for the discovery was not detailed in the available coverage. This vulnerability adds to a growing list of Linux kernel flaws disclosed recently, underscoring the importance of rigorous kernel hardening and regular patch cycles.