{"uuid": "ea46cfd5-3370-4496-9a1a-aefdbb531d83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43503", "type": "seen", "source": "https://t.me/P0x3k_1N73LL1G3NC3/381", "content": "DirtyClone \u2014 CVE-2026-43503\n\nA Linux kernel local privilege escalation and page-cache write. DirtyClone is the fourth public member of the\u00a0DirtyPipe / DirtyFrag\u00a0family: it forces the kernel to run an in-place ESP (IPsec) decrypt over a file-backed page-cache page the attacker only has\u00a0read\u00a0access to, mutating that page in RAM. With the AES-CBC key/IV chosen so the decrypt writes attacker-controlled bytes,\u00a0/usr/bin/su\u00a0is rewritten with a tiny\u00a0setuid(0)+execve(\"/bin/sh\")\u00a0ELF and invoking it yields root.\n\n\ud83d\udd17 Research: \nhttps://research.jfrog.com/post/dissecting-and-exploiting-linux-lpe-variant-dirtyclone-cve-2026-43503/\n\n\ud83d\udd17 Exploit:\nhttps://github.com/rafaeldtinoco/security/tree/main/exploits/dirtyclone\n\n#linux #lpe #kernel #dirty", "creation_timestamp": "2026-07-13T22:00:03.663406Z"}