Linux Kernel: DirtyFrag and DirtyClone Local Privilege Escalation Vulnerabilities
The Linux kernel is affected by a series of critical local privilege escalation (LPE) vulnerabilities known as the DirtyFrag family, specifically DirtyClone (CVE-2026-43503) and CVE-2026-53130. DirtyClone leverages cloned network packets to corrupt file-backed memory, enabling attackers to rewrite executable code in memory to achieve root privileges without leaving traces on the physical disk. DirtyFrag involves memory corruption within the rxrpc (Remote XDR RPC) and ESP (Encapsulating Security Payload) subsystems. These vulnerabilities allow unprivileged local users to bypass kernel security boundaries for full system compromise. Remediation requires immediate application of patches provided by Linux kernel maintainers.
Linux Kernel CVE-2026-23111: One-Character Flaw Enables Local Root Access
CVE-2026-23111 is a critical Use-After-Free (UAF) vulnerability in the Linux kernel's nf_tables subsystem, triggered by a single-character logic error during memory deallocation. This flaw allows unprivileged local users to perform heap grooming to overwrite process cred structures, achieving Local Privilege Escalation (LPE) to root. Furthermore, the vulnerability enables container escapes within Docker and Kubernetes environments by bypassing namespace isolation. Following the release of a functional exploit by Exodus Intelligence on June 8, 2026, the risk to unpatched Linux distributions and cloud-native infrastructures is severe. Organizations must prioritize kernel updates or restrict unprivileged user namespaces to mitigate this threat.