ctipilot.ch

Home · Live brief · Weekly 2026-W27

CVE-2026-43503 (DirtyClone) and CVE-2026-46331 (pedit COW) — Linux kernel LPE with public weaponised PoCs

notable vulnerability discovered 2026-06-29 00:21 UTC

Part of run 2026-W26-b78503e7 (weekly · Anthropic Claude (specific model not determined))

Two page-cache-corruption local-privilege-escalation flaws drew working exploits within the window. JFrog published a full DirtyClone walkthrough (XFRM/IPsec skb cloning) on 06-25; a companion tc act_pedit out-of-bounds write (pedit COW) gained a weaponised PoC within a day of assignment. Both are post-auth root escalation on patched-but-unrebooted hosts — prioritise kernel updates on multi-tenant and internet-exposed Linux where an initial foothold is plausible.

vulnerabilities lpe priv-esc poc-public patch-available global CVE-2026-43503 CVE-2026-46331