
Luci Stanescu
on 1 July 2026

DirtyClone Linux kernel local privilege escalation vulnerability fixes available


On June 25, 2026, JFrog published their research into CVE-2026-43503, referring to the vulnerability as DirtyClone. The vulnerability had previously been responsibly disclosed to the Linux kernel maintainers, and the CVE record was published on May 23, 2026. The vulnerability affects multiple Linux distributions, including all Ubuntu releases. The first security updates for Ubuntu were released on June 2, 2026.

The vulnerability has a CVSS 3.1 score of 8.8, corresponding to HIGH severity, as published on May 30, 2026.

This vulnerability affects the same components as the Dirty Frag and Fragnesia vulnerabilities. As such, if you have applied the mitigations for any of these vulnerabilities by blocking the affected kernel modules, you are also protected against the DirtyClone vulnerability.

Impact

Deployments without container workloads

On hosts that do not run container workloads, the vulnerability allows a local user to elevate privileges to the root user. The published exploit executes in this type of deployment.

Container deployments

In container deployments that may execute arbitrary third-party workloads, the vulnerability may facilitate container escape scenarios, in addition to local privilege escalation on the host. A proof-of-concept exploit has not been published yet for container escape.

Affected releases

The vulnerability fix is distributed through the Linux kernel image packages.

Please note that if you have previously applied the mitigations described for Dirty Frag or Fragnesia, your system is not affected by DirtyClone.

| Release | Package Name | Remediation Status |
|---|---|---|
| Trusty Tahr (14.04 LTS) | linux | Affected |
| Xenial Xerus (16.04 LTS) | linux | Affected |
| Bionic Beaver (18.04 LTS) | linux | Affected |
| Focal Fossa (20.04 LTS) | linux | Linux 5.4: Affected; Linux 5.15: Fixed in 5.15.0-181.191~20.04.1 |
| Jammy Jellyfish (22.04 LTS) | linux | Fixed in 5.15.0-181.191 |
| Noble Numbat (24.04 LTS) | linux | Fixed in 6.8.0-124.124 |
| Questing Quokka (25.10) | linux | Fixed in 6.17.0-35.35 |
| Resolute Raccoon (26.04 LTS) | linux | Fixed in 7.0.0-22.22 |

How to check if you are impacted

On your system, run the following command to get the version of the currently running kernel, then compare it with the fixed version for your release in the table above.

uname -r

The list of installed kernel packages can be obtained using the following command:

dpkg -l 'linux-image*' | grep ^ii
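
The comparison described in this section can be scripted. The following is an added example, not part of the original advisory: it reads the running kernel's full package version from /proc/version_signature and checks it against the table above. It assumes the stock `linux` package; the function names are made up for this example, and kernel series that the table does not list are reported as unknown.

```shell
#!/bin/sh
# Added example. Fixed versions are copied from the table above and apply to
# the stock "linux" package only; function names are local to this sketch.

# fixed_version <codename> <series>: first fixed version, "none", or empty
fixed_version() {
    case "$1:$2" in
        trusty:*|xenial:*|bionic:*|focal:5.4) echo none ;;
        focal:5.15)    echo '5.15.0-181.191~20.04.1' ;;
        jammy:5.15)    echo 5.15.0-181.191 ;;
        noble:6.8)     echo 6.8.0-124.124 ;;
        questing:6.17) echo 6.17.0-35.35 ;;
        resolute:7.0)  echo 7.0.0-22.22 ;;
    esac
}

# ver_ge <a> <b>: succeeds if a >= b, comparing the five numeric fields
# (major.minor.patch-ABI.upload) as numbers, so ABI 99 sorts below ABI 124
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, /[^0-9]+/); split(b, y, /[^0-9]+/)
        for (i = 1; i <= 5; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_kernel <codename> <package-version>: prints fixed, affected or unknown
check_kernel() {
    series=$(echo "$2" | cut -d. -f1,2)
    fixed=$(fixed_version "$1" "$series")
    case "$fixed" in
        "")   echo unknown ;;   # series not in the table (e.g. an HWE kernel)
        none) echo affected ;;  # no fixed version listed for this release
        *)    if ver_ge "$2" "$fixed"; then echo fixed; else echo affected; fi ;;
    esac
}

# On an Ubuntu host, /proc/version_signature carries the full package version
# (uname -r shows only the ABI part, e.g. 5.15.0-181-generic).
if [ -r /proc/version_signature ] && [ -r /etc/os-release ]; then
    codename=$(. /etc/os-release; echo "$VERSION_CODENAME")
    running=$(cut -d' ' -f2 /proc/version_signature)
    echo "$codename $running: $(check_kernel "$codename" "$running")"
fi
```

A result of "fixed" describes the running kernel only; an installed but not yet booted update still needs the reboot described below.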

Security updates

We recommend you upgrade all packages:

sudo apt update && sudo apt upgrade

If this is not possible and the Linux kernel is installed via a meta package, its update can be targeted directly:

sudo apt update
dpkg-query -W -f '${source:Package}\t${binary:Package}\n' | awk '$1 ~ "^linux-meta" { print $2 }' | xargs sudo apt install --only-upgrade

A reboot is required once the security updates for the Linux kernel are installed. 

sudo reboot

The unattended-upgrades feature is enabled by default for Ubuntu 16.04 LTS onwards. This service:

  • Applies new security updates every 24 hours automatically.
  • If enabled, applies the patches above automatically within 24 hours of their becoming available; a reboot is still required.
