Ralf Hacker Channel
28.1K subscribers
470 photos
17 videos
503 files
610 links
Download Telegram
Forwarded from APT
This media is not supported in your browser
VIEW IN TELEGRAM
DirtyClone — CVE-2026-43503

A Linux kernel local privilege escalation and page-cache write. DirtyClone is the fourth public member of the DirtyPipe / DirtyFrag family: it forces the kernel to run an in-place ESP (IPsec) decrypt over a file-backed page-cache page the attacker only has read access to, mutating that page in RAM. With the AES-CBC key/IV chosen so the decrypt writes attacker-controlled bytes, /usr/bin/su is rewritten with a tiny setuid(0)+execve("/bin/sh") ELF and invoking it yields root.

🔗 Research:
https://research.jfrog.com/post/dissecting-and-exploiting-linux-lpe-variant-dirtyclone-cve-2026-43503/

🔗 Exploit:
https://github.com/rafaeldtinoco/security/tree/main/exploits/dirtyclone

#linux #lpe #kernel #dirty
🔥22👍5🥰1