{
  "claim": {
    "argus_claim_ref": null,
    "attacker_control": "unprivileged local attacker configuring XFRM/IPsec, netfilter TEE rule, and vmsplice/splice zero-copy socket data",
    "claimed_surface": "local_only",
    "expected_impact": "privilege_escalation",
    "finding_id": null,
    "id": null,
    "required_entrypoint_detail": "Linux kernel networking stack paths __pskb_copy_fclone(), skb_shift(), skb_gro_receive(), skb_gro_receive_list(), tcp_clone_payload(), skb_segment() triggered via local XFRM/IPsec + netfilter TEE + vmsplice/splice on UDP socket",
    "required_entrypoint_kind": "local_kernel_runtime",
    "submission_reason": "ticket_derived_llm",
    "trigger_class": "local_execution",
    "upstream_verdicts": {
      "claim_extraction": {
        "confidence": "high",
        "model": "accounts/fireworks/models/kimi-k2p7-code",
        "reason": "Ticket describes a local privilege escalation in the Linux kernel networking stack where missing propagation of the SKBFL_SHARED_FRAG flag during skb fragment transfers lets an unprivileged local attacker write decrypted bytes into a root-owned read-only binary's page cache and gain root.",
        "source": "llm"
      }
    }
  },
  "latest_description": "CVE-2026-43503 (DirtyClone) is a local privilege escalation flaw in the Linux kernel networking stack. When socket-buffer (skb) fragment descriptors are transferred between skbs by __pskb_copy_fclone(), skb_shift(), skb_gro_receive(), skb_gro_receive_list(), tcp_clone_payload(), and skb_segment(), the kernel fails to propagate the SKBFL_SHARED_FRAG flag in skb_shinfo()->flags. A cloned skb can therefore keep a reference to file-backed page-cache memory while reporting skb_has_shared_frag() as false. This bypasses the XFRM/IPsec skb_cow_data() copy-on-write safeguard, allowing an unprivileged local attacker to write decrypted bytes into a root-owned read-only binary's page cache and ultimately gain root code execution.\n\nAffected versions: Linux kernel mainline before v7.1-rc5; stable branches before 5.10.257, 5.15.208, 6.1.174, 6.6.141, 6.12.91, 6.18.33, 7.0.10. Fixed upstream in Linux v7.1-rc5 (commit 48f6a5356a33dd78e7144ae1faef95ffc990aae0) and backported to the stable commits listed in NVD/GitHub Advisory.\n\nReproduction context: A vulnerable runtime kernel with CONFIG_XFRM, CONFIG_INET_ESP, CONFIG_NETFILTER_XT_TARGET_TEE, and unprivileged user namespaces enabled. From an unprivileged user+network namespace, bring up loopback, configure a loopback XFRM/IPsec transport-mode SA and policy, install a netfilter TEE rule to force packet duplication through the __pskb_copy_fclone() path, mmap a SUID root binary into the page cache, use vmsplice/splice to attach that page-cache page as zero-copy data on a UDP socket, send the packet through the IPsec output path, and observe that the in-place decryption writes into the shared page-cache page on the vulnerable kernel. On a fixed kernel, the shared-frag flag is preserved, skb_cow_data() triggers a copy before decryption, and the page-cache contents remain unchanged.",
  "product": "linux",
  "severity": "high",
  "status": "open",
  "summary": "DirtyClone: Linux kernel local privilege escalation via SKB shared-frag marker loss",
  "ticket_id": "CVE-2026-43503"
}
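The record above lists the fixed mainline and stable releases and the build options the reproduction context needs. The following exposure check is an added example written for this page, not part of the ticket record or of any kernel tooling: it copies the fixed-version table and the option names from the ticket's description, and everything else (the `uname -r` parsing convention, treating unlisted branches older than 7.1 as affected, the `user.max_user_namespaces` / `kernel.unprivileged_userns_clone` sysctls as the user-namespace switch, the sample `.config` fragment) is an assumption of this script. A version string cannot see distro backports, so a "vulnerable" verdict from the version check alone means "check your vendor's advisory", not "confirmed".

```python
"""Exposure check for the skb shared-frag ticket: is a kernel release older
than the fix on its branch, and does the build enable the options the ticket's
reproduction context requires?  Added example, not part of the ticket record.
The fixed-version table and option names come from the ticket; all other
policy in this script (marked below) is an assumption of the example."""

import gzip
import os
import re

# Fixed stable releases, copied from the ticket: (major, minor) -> first fixed patch.
FIXED_STABLE = {
    (5, 10): 257, (5, 15): 208, (6, 1): 174, (6, 6): 141,
    (6, 12): 91, (6, 18): 33, (7, 0): 10,
}
# Mainline fix landed in v7.1-rc5.
MAINLINE_BRANCH, MAINLINE_FIXED_RC = (7, 1), 5

# Build options the ticket's reproduction context needs; y or m both count as on.
REQUIRED_CONFIG = ("CONFIG_XFRM", "CONFIG_INET_ESP", "CONFIG_NETFILTER_XT_TARGET_TEE")

RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_release(release):
    """Split a `uname -r` string into (major, minor, patch, rc); rc is None for
    non-rc kernels.  Assumption: distro suffixes such as "-1-amd64" are ignored."""
    m = RELEASE_RE.match(release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return int(major), int(minor), int(patch or 0), (int(rc) if rc else None)


def is_vulnerable(release):
    """True if the release precedes the fix on its branch.
    Assumption: branches the ticket does not list (e.g. 6.8) are treated as
    affected when older than 7.1, since the ticket says every mainline kernel
    before v7.1-rc5 is affected.  Vendor backports are invisible here."""
    major, minor, patch, rc = parse_release(release)
    branch = (major, minor)
    if branch in FIXED_STABLE:
        return patch < FIXED_STABLE[branch]
    if branch == MAINLINE_BRANCH:
        # 7.1-rc1..rc4 are affected; 7.1-rc5 and the final 7.1 release are fixed.
        return rc is not None and rc < MAINLINE_FIXED_RC
    return branch < MAINLINE_BRANCH


def missing_config(config_text):
    """Return the required options that are not set to y or m in .config text."""
    enabled = set()
    for line in config_text.splitlines():
        m = re.match(r"^(CONFIG_\w+)=(y|m)$", line.strip())
        if m:
            enabled.add(m.group(1))
    return [opt for opt in REQUIRED_CONFIG if opt not in enabled]


def userns_unprivileged(max_user_namespaces, unprivileged_userns_clone=None):
    """Whether unprivileged user namespaces are usable, from sysctl values.
    Assumption: user.max_user_namespaces == 0 disables them, and on distros
    that carry kernel.unprivileged_userns_clone a value of 0 disables them too
    (pass None when that sysctl does not exist)."""
    return max_user_namespaces != 0 and unprivileged_userns_clone != 0


def assess(release, config_text, max_user_namespaces, unprivileged_userns_clone=None):
    """Combine the checks: exposed only when every listed precondition holds.
    An empty config_text shows up as all options missing, i.e. 'unknown'."""
    vuln = is_vulnerable(release)
    missing = missing_config(config_text)
    userns = userns_unprivileged(max_user_namespaces, unprivileged_userns_clone)
    return {"release": release, "version_vulnerable": vuln, "missing_config": missing,
            "unprivileged_userns": userns, "exposed": vuln and not missing and userns}


def read_host_config(release):
    """Best-effort read of the running kernel's config; '' if not available."""
    if os.path.exists("/proc/config.gz"):
        with gzip.open("/proc/config.gz", "rt") as f:
            return f.read()
    path = f"/boot/config-{release}"
    return open(path).read() if os.path.exists(path) else ""


def read_sysctl(name, default=None):
    """Read an integer sysctl from /proc/sys; default if absent or unreadable."""
    try:
        with open("/proc/sys/" + name.replace(".", "/")) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return default


# Constructed sample .config fragment (not taken from any real build).
SAMPLE_CONFIG = "CONFIG_XFRM=y\nCONFIG_INET_ESP=m\nCONFIG_NETFILTER_XT_TARGET_TEE=m\nCONFIG_USER_NS=y\n"

if __name__ == "__main__":
    for rel in ("6.12.90-1-amd64", "6.12.91-1-amd64", "7.1.0-rc4", "7.1.0", "6.8.12"):
        print(assess(rel, SAMPLE_CONFIG, max_user_namespaces=15000))
    if os.name == "posix" and hasattr(os, "uname"):  # live check of this host
        rel = os.uname().release
        print(assess(rel, read_host_config(rel),
                     read_sysctl("user.max_user_namespaces", default=1),
                     read_sysctl("kernel.unprivileged_userns_clone")))
```

The version check deliberately errs toward "vulnerable" for branches the ticket does not list, and the config and user-namespace checks are there because the ticket names them as preconditions: a kernel that is old but built without CONFIG_NETFILTER_XT_TARGET_TEE, or with unprivileged user namespaces disabled, does not satisfy the reproduction context as described.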