Linux Kernel Shared Fragment Handler Vulnerability in Networking Stack
CVE-2026-43503

8.8HIGH

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
23 May 2026

Badges

πŸ“ˆ Score: 975πŸ‘Ύ Exploit Exists🟑 Public PoCπŸ“° News Worthy

What is CVE-2026-43503?

CVE-2026-43503 is a vulnerability found in the Linux kernel's networking stack, specifically relating to the management of Shared Fragment Handler in the socket buffer (skb) handling. The issue arises from two frag-transfer helpers, __pskb_copy_fclone() and skb_shift(), which do not correctly propagate the SKBFL_SHARED_FRAG bit when transferring fragment descriptors from one socket buffer to another. This oversight can lead to an attacker being able to exploit the gap by facilitating unauthorized writes into memory pages that are supposed to be protected, allowing unprivileged users access to resources they shouldn't be able to manipulate. This can potentially disrupt system integrity and confidentiality, especially when sensitive data is involved, making it critical for organizations relying on Linux systems to address this vulnerability.

Potential impact of CVE-2026-43503

  1. Unauthorized Memory Writes: The vulnerability enables unprivileged users to perform unauthorized writes into the page cache of protected files, which can lead to data corruption or unauthorized data manipulation, severely affecting the integrity of the affected applications and systems.

  2. Increased Attack Surface: By allowing attackers to exploit this flaw, organizations face an expanded attack vector that could be used for additional, more complex attacks, including privilege escalation or further network intrusion.

  3. Potential for Data Breaches: Given that the vulnerability can alter fundamentally accessible data stores, it poses a significant threat to data confidentiality. Attackers could exploit this issue to gain access to sensitive information, leading to potential data breaches that compromise user privacy and organizational data security.

Affected Version(s)

Linux cef401de7be8c4e155c6746bfccf721a4fa5fab9

Linux cef401de7be8c4e155c6746bfccf721a4fa5fab9 < 179f1852bdedc300e373e807cc102cd81feff196

Linux cef401de7be8c4e155c6746bfccf721a4fa5fab9 < 12401fcfb01f53ccc63ab0a3246570fe8f3105ee

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-43503
Created by 0xBlackash

News Articles

favicon imageThe Hacker News

New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets

DirtyClone, tracked as CVE-2026-43503, lets local users gain root by corrupting file-backed memory through cloned network packets.

13 hours ago

References

https://git.kernel.org/stable/c/fbeab9555564a1b98e8582cd1...
https://git.kernel.org/stable/c/179f1852bdedc300e373e807c...
https://git.kernel.org/stable/c/12401fcfb01f53ccc63ab0a32...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved

.