## https://sploitus.com/exploit?id=921E88F8-3925-519D-9067-4928D48E9B4D
# CVE-2026-43503 — DirtyClone

Linux local privilege escalation. A cloned `sk_buff` loses the
`SKBFL_SHARED_FRAG` flag, so ESP in-place decryption writes into file-backed
page-cache memory. The PoC patches `/etc/passwd` in cache to inject a uid-0
account and gives a root shell. Disk is never modified.

Fixed in mainline `48f6a5356a33` (v7.1-rc5).

## Usage

Run as an unprivileged user:

```bash
python3 CVE-2026-43503.py
```

```
[*] uid=1000 -> root
[+] injected uid 0 account 'firefart' (password: pwned)
uid=0(root) gid=0(root) groups=0(root)
[+] root achieved
```

## Requirements

Unpatched kernel, unprivileged user namespaces enabled, and `python3` +
`libcrypto` + `iproute2` + `iptables` on the target.
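
Because the modification exists only in the page cache, a defender can look for it by comparing the cached view of `/etc/passwd` with an `O_DIRECT` read of the same file and by listing uid-0 accounts other than `root`. The script below is an added example, not part of the PoC or the original repository; the function names, the 4096-byte block size and the `("root",)` allow-list are assumptions.

```python
import mmap
import os

def uid0_accounts(passwd_bytes):
    """Names of every uid-0 entry in passwd-format data."""
    names = []
    for line in passwd_bytes.decode("utf-8", "replace").splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].strip() == "0":
            names.append(fields[0])
    return names

def read_direct(path, block=4096):
    """Read path with O_DIRECT (bypasses the page cache); None if unsupported."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_DIRECT)
    except (OSError, AttributeError):
        return None
    buf = mmap.mmap(-1, block)  # anonymous mapping: page-aligned, as O_DIRECT needs
    data, offset = b"", 0
    try:
        while True:
            n = os.preadv(fd, [buf], offset)
            data += buf[:n]
            if n < block:  # short read means end of file
                return data
            offset += n
    except OSError:
        return None
    finally:
        os.close(fd)
        buf.close()

def findings(cached, direct, expected_uid0=("root",)):
    """Compare the cached view against the on-disk view and list anomalies."""
    out = []
    extra = [n for n in uid0_accounts(cached) if n not in expected_uid0]
    if extra:
        out.append("unexpected uid-0 account(s) in cached view: " + ", ".join(extra))
    if direct is not None and direct != cached:
        out.append("page cache content differs from on-disk content")
    return out

if __name__ == "__main__":
    path = "/etc/passwd"
    with open(path, "rb") as f:  # buffered read, served from the page cache
        cached = f.read()
    for msg in findings(cached, read_direct(path)) or ["no anomalies found"]:
        print(msg)
```

A `None` from `read_direct` means the filesystem refused `O_DIRECT`, in which case only the uid-0 check applies.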

## Disclaimer

For authorized testing and research only.