On June 25, 2026, JFrog published their research into CVE-2026-43503, referring to the vulnerability as DirtyClone. The vulnerability had previously been responsibly disclosed to the Linux kernel maintainers and the CVE record published on May 23, 2026. The vulnerability affects multiple Linux distributions, including all Ubuntu releases. The first security updates for Ubuntu were released on June 2, 2026.
The vulnerability has a CVSS 3.1 score of 8.8, corresponding to HIGH severity, as published on May 30, 2026.
This vulnerability affects the same components as the Dirty Frag and Fragnesia vulnerabilities. As such, if you have applied the mitigations for any of these vulnerabilities by blocking the affected kernel modules, you are also protected against the DirtyClone vulnerability.
On hosts that do not run container workloads, the vulnerability allows a local user to elevate privileges to the root user. The published exploit executes in this type of deployment.
In container deployments that may execute arbitrary third-party workloads, the vulnerability may additionally facilitate container escape scenarios, in addition to local privilege escalation on the host. A proof-of-concept exploit has not been published yet for container escape.
The vulnerability fix is distributed through the Linux kernel image packages.
Please note that if you have previously applied the mitigations described for Dirty Frag or Fragnesia, your system is not affected by DirtyClone.
| Release | Package Name | Remediation Status |
|---|---|---|
| Trusty Tahr (14.04 LTS) | linux | Affected |
| Xenial Xerus (16.04 LTS) | linux | Affected |
| Bionic Beaver (18.04 LTS) | linux | Affected |
| Focal Fossa (20.04 LTS) | linux | Linux 5.4: Affected Linux 5.15: Fixed in 5.15.0-181.191~20.04.1 |
| Jammy Jellyfish (22.04 LTS) | linux | Fixed in 5.15.0-181.191 |
| Noble Numbat (24.04 LTS) | linux | Fixed in 6.8.0-124.124 |
| Questing Quokka (25.10) | linux | Fixed in 6.17.0-35.35 |
| Resolute Raccoon (26.04 LTS) | linux | Fixed in 7.0.0-22.22 |
On your system, run the following command to get the version of the currently running kernel and compare the listed version to the corresponding table above.
uname -r The list of installed kernel packages can be obtained using the following command:
dpkg -l 'linux-image*' | grep ^ii We recommend you upgrade all packages:
sudo apt update && sudo apt upgrade If this is not possible and the Linux kernel is installed via a meta package, its update can be targeted directly:
sudo apt update
dpkg-query -W -f '${source:Package}t${binary:Package}n' | awk '$1 ~ "^linux-meta" { print $2 }' | xargs sudo apt install --only-upgrade A reboot is required once the security updates for the Linux kernel are installed.
sudo reboot The unattended-upgrades feature is enabled by default for Ubuntu 16.04 LTS onwards. This service:
The second development snapshot of Ubuntu 26.10, also known as “Stonking Stingray”, is now available…
Canonical has extended Ubuntu Livepatch support to Arm64 platforms, allowing compatible Ubuntu systems running on…
Mozilla has released Firefox 152, introducing a refreshed settings experience, improved sharing tools, and several…
The KDE community has secured significant financial support from Germany’s Sovereign Tech Fund, receiving a…
Canonical has introduced Workshop, a new open-source utility designed to help developers build consistent development…
Ubuntu 26.04 LTS is a Long-Term Support release that delivers improved stability, stronger security, updated…