Two serious privilege escalation vulnerabilities have emerged in the Linux kernel, both enabling local unprivileged users to gain root access. The first, tracked as CVE-2026-43503 (CVSS 8.8) and nicknamed "DirtyClone," lets an attacker corrupt file-backed memory through cloned network packets. The second, CVE-2026-46331, is an out-of-bounds write in the packet-editing action (act_pedit) that poisons shared page-cache memory.

DirtyClone, part of the DirtyFrag vulnerability family, received its first public exploit walkthrough from JFrog Security Research on June 25. The pedit COW flaw saw a working exploit surface within a day of its CVE assignment on June 16. Both require local access, which raises the risk on shared or multi-user systems where unprivileged users exist.

Technically, DirtyClone corrupts file-backed memory via cloned network packets, enabling a local user to escalate privileges. The pedit COW bug lies in the kernel's traffic-control subsystem, specifically the act_pedit action, where an out-of-bounds write corrupts cached binaries. Red Hat has assessed the severity of the pedit COW flaw.

Patches for both vulnerabilities have landed in the Linux kernel, though specific version details and distribution rollout timelines remain sparse. System administrators should prioritize updating kernels on any multi-user or untrusted-user systems immediately. No workarounds have been disclosed for either flaw.
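The prioritization advice above can be turned into a per-host triage check. The following Python script is an added example, not code from JFrog, Red Hat or the kernel project: it ranks a host by whether unprivileged login accounts exist and reports whether the act_pedit module is currently loaded. The UID threshold of 1000, the non-login shell list, the priority labels and the sample data are assumptions made for illustration.

```python
UID_MIN = 1000  # assumption: regular accounts start here (common UID_MIN default)
NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}

# Constructed sample inputs, used when the real files cannot be read.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup-svc:x:1001:1001::/home/backup-svc:/usr/sbin/nologin
bob:x:1002:1002::/home/bob:
"""
SAMPLE_MODULES = """\
act_pedit 20480 1 - Live 0x0000000000000000
sch_ingress 16384 1 - Live 0x0000000000000000
"""

def interactive_users(passwd_text):
    """Names of unprivileged accounts that can get a login shell."""
    users = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip comments and malformed entries
        name, uid, shell = fields[0], int(fields[2]), fields[6].strip()
        # An empty shell field means /bin/sh, so it counts as a login shell.
        if uid >= UID_MIN and shell not in NON_LOGIN_SHELLS:
            users.append(name)
    return users

def module_loaded(modules_text, name="act_pedit"):
    """True when `name` is the first field of a /proc/modules line."""
    return any(line.split()[:1] == [name] for line in modules_text.splitlines())

def triage(passwd_text, modules_text):
    """Rank a host for kernel patching; a missing module never lowers the rank,
    because it may be built in or loaded later."""
    users = interactive_users(passwd_text)
    return {"priority": "patch-first" if users else "patch-next",
            "local_users": users,
            "act_pedit_loaded": module_loaded(modules_text)}

def read_or(path, fallback):
    """Read a file, falling back to the constructed sample on error."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return fallback

if __name__ == "__main__":
    print(triage(read_or("/etc/passwd", SAMPLE_PASSWD),
                 read_or("/proc/modules", SAMPLE_MODULES)))
```

The result only orders the patch queue; it says nothing about whether the running kernel already contains the fixes, which has to be confirmed against the distribution's advisory.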

Attribution points to independent security researchers: JFrog published the DirtyClone proof-of-concept, while the pedit COW exploit appeared rapidly after CVE assignment. Both flaws underscore the persistent challenge of memory corruption bugs in the kernel's networking stack, a frequent target for privilege escalation attacks.