Exploit for pagecache-lpe-containment-kit CVE-2026-43503 CVE-2026-46331

Name: Exploit for pagecache-lpe-containment-kit CVE-2026-43503 CVE-2026-46331
Rating: 5 (2 reviews)
2026-06-27 | CVSS 8.8
## https://sploitus.com/exploit?id=927189F5-055C-5E36-A2C8-0F7428A5314E
# Page-Cache LPE Containment Kit

> Detect, contain, and verify defenses against two Linux page-cache-corruption local privilege
> escalations — **DirtyClone (CVE-2026-43503)** and **pedit COW (CVE-2026-46331)** — on hosts and
> containers.

[![License: Apache 2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](LICENSE)
[![TLP:CLEAR](https://img.shields.io/badge/TLP-CLEAR-brightgreen.svg)](#scope--ethics)
[![Scope: detection & prevention](https://img.shields.io/badge/scope-detection%20%26%20prevention-informational.svg)](#scope--ethics)
[![Platform: Linux](https://img.shields.io/badge/platform-Linux-lightgrey.svg)](#requirements)

This is an **educational, defensive** security kit. It explains how both vulnerabilities work at the
syscall level and ships hardening, detection, verification, and seccomp tooling — plus a validation
harness that proves the tooling works on real kernels. **It contains no exploit, shellcode, or
target offsets, by design.**

---

## Table of contents

- [Why this exists](#why-this-exists)
- [The vulnerability in 30 seconds](#the-vulnerability-in-30-seconds)
- [Quick start](#quick-start)
- [What's in the box](#whats-in-the-box)
- [Requirements](#requirements)
- [Scope & ethics](#scope--ethics)
- [Learn more](#learn-more)
- [Contributing](#contributing)
- [License](#license)

---

## Why this exists

Both CVEs let an **unprivileged local user become root** by corrupting the **page cache** (the RAM
copy) of a setuid-root binary such as `/usr/bin/su` — without ever touching the file on disk. That
makes them stealthy: file-integrity monitoring stays green, disk forensics find nothing, and the
corruption clears on reboot.

Patching the kernel is the real fix. But during the rollout window — and as defense-in-depth
afterward — you need to **close the attack paths, watch for the attack chain, and verify your
posture**. That is what this kit provides, with every control mapped back to a documented step of the
exploit chain so you can see _why_ it works.

## The vulnerability in 30 seconds

Both bugs are the same defect class: **the kernel writes to a buffer it believes is private while
that buffer is still backed by shared, file-backed page-cache memory.** Two structural gates govern
every variant of both chains:

| Gate | What it is | Strength as a control |
|------|------------|-----------------------|
| **1. Capability path** | `CAP_NET_ADMIN` obtained via unprivileged user namespaces (`unshare(CLONE_NEWUSER\|CLONE_NEWNET)`) | **Robust chokepoint** — *every* variant must pass here, known and unknown. Close it first. |
| **2. Module surface** | Vulnerable modules: `act_pedit`, `esp4`/`esp6`, `rxrpc`, `xt_TEE`, `nf_dup_ipv4`/`nf_dup_ipv6` | **Defense-in-depth** — removes *known* primitives only; a novel sink would bypass it. |

Fixed upstream in **stable point-releases** (DirtyClone ≥ 6.12.91 / 7.0.10; pedit COW 6.12.94 / 7.0.13) plus vendor backports; mainline 7.1 is final. Confirm your kernel against your distro's tracker — see [`docs/analysis.md`](docs/analysis.md) §8.

## Quick start

> **Linux hosts only.** These scripts read and write real kernel state. Run hardening on a host you
> control; run the destructive validation harness on a **disposable** VM. See [Requirements](#requirements).

```bash
# 1. Preview the host containment changes (writes nothing)
sudo ./kit/harden-pagecache-lpe.sh --dry-run

# 2. Apply userns restrictions + vulnerable-module blocks
sudo ./kit/harden-pagecache-lpe.sh

# 3. Verify posture — run the functional probe as an UNPRIVILEGED user
sudo -u nobody ./kit/verify-pagecache-lpe.sh        # exit: 0=PASS 1=WARN 2=FAIL

# 4. (Optional) Watch the attack chain live with eBPF
sudo bpftrace ./kit/detect-pagecache-lpe.bt
```

For containers, apply the seccomp overlay
([`kit/seccomp-pagecache-lpe.json`](kit/seccomp-pagecache-lpe.json)):

```bash
docker run --security-opt seccomp=kit/seccomp-pagecache-lpe.json 
```

**New here?** Read **[`START-HERE.md`](START-HERE.md)** — a guided, lecture-style walkthrough from
the root cause to a full validation run.

## What's in the box

```
.
├── START-HERE.md          Guided walkthrough — the recommended entry point
├── docs/                  The "why": analysis and operator guidance
│   ├── analysis.md                Root-cause analysis, attack chains, detection engineering
│   ├── HARDENING-GUIDE.md         Operator containment guide (host → systemd → Docker → Kubernetes)
│   └── plain-language-summary.md  Gentler, plain-English overview of both bugs
├── kit/                   The "what you run": four self-contained artifacts
│   ├── harden-pagecache-lpe.sh    Apply host containment (sysctl + module blocks)
│   ├── verify-pagecache-lpe.sh    Read-only posture check (PASS/WARN/FAIL)
│   ├── detect-pagecache-lpe.bt    bpftrace/eBPF telemetry for the staging chain
│   └── seccomp-pagecache-lpe.json Container seccomp overlay denying the chain's syscalls
└── testkit/               The "proof": validation harness + SHOWCASE.md writeup
```

| Component | Role |
|-----------|------|
| [`docs/analysis.md`](docs/analysis.md) | Source of truth: root cause, behavioral attack chains, detection engineering, hardening, comparative table. |
| [`docs/HARDENING-GUIDE.md`](docs/HARDENING-GUIDE.md) | Layered containment for hosts, systemd units, Docker/Podman, and Kubernetes. |
| [`kit/`](kit/) | The four deliverables. Copy this directory to a host to defend it. |
| [`testkit/`](testkit/) | Reproducible validation on real kernels (local Docker + disposable EC2), and [`SHOWCASE.md`](testkit/SHOWCASE.md) — an honest assessment of what the tests do and don't prove. |

## Requirements

- **Hardening & verification** (`harden`, `verify`): a Linux host with `bash`, `sysctl`, `modprobe`,
  and `unshare`. Root for hardening; run the verify probe as a non-root user.
- **Detection** (`detect-pagecache-lpe.bt`): root, `bpftrace` ≥ 0.16, and kernel **BTF**
  (`/sys/kernel/btf/vmlinux`). Some kprobes may be inlined on a given kernel — the script's header
  explains how to adapt.
- **Seccomp overlay**: any OCI runtime (Docker, Podman, containerd).
- **Validation harness** (`testkit/`): a **disposable** Linux VM — it writes real config and unloads
  kernel modules. The EC2 launcher needs the AWS CLI v2 and `jq`; no SSH is used (transport is AWS
  SSM). macOS users can run the local Docker smoke test, but full validation requires Linux.

## Scope & ethics

**TLP:CLEAR — public, unrestricted distribution.** This repository is **detection and prevention
only**. It deliberately includes:

- Root-cause analysis at the syscall / kernel-subsystem level
- Hardening, detection, verification, and seccomp tooling
- A validation harness that exercises the *defenses*

…and deliberately **excludes**:

- Runnable exploit code, proof-of-concept payloads, or shellcode
- Controlled-write derivation or target offsets
- Anything that advances weaponization

The honest limits of this approach — what the validation does and does not prove — are documented in
[`testkit/SHOWCASE.md`](testkit/SHOWCASE.md) §8. **Use only on systems you own or are authorized to
test.** Hardening is containment, not a cure: **patch your kernel.**

## Learn more

- **[`START-HERE.md`](START-HERE.md)** — the guided walkthrough (start here)
- **[`docs/analysis.md`](docs/analysis.md)** — the full technical analysis
- **[`docs/plain-language-summary.md`](docs/plain-language-summary.md)** — a
  gentler, plain-English overview

## Contributing

Issues and pull requests are welcome — see [`CONTRIBUTING.md`](CONTRIBUTING.md). Because the controls
are mirrored across several files (the module list, the userns knobs, the detection bitmap), please
read the **sync invariants** in that guide before changing the attack surface.

## License

Licensed under the [Apache License 2.0](LICENSE).