[Vulnerability Advisory] Linux Kernel DirtyClone Local Privilege Escalation Vulnerability (CVE-2026-43503)

Published: 2026-06-29

I. Vulnerability Overview




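The Linux kernel is an open-source operating system kernel widely used in servers, cloud computing, containers and embedded systems. It provides core capabilities such as process scheduling, memory management, file systems and the network protocol stack, and supports many hardware architectures and high-concurrency production environments.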


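On June 29, 2026, the mansion88明升 Security Emergency Response Center (VSRC) detected the Linux Kernel DirtyClone local privilege escalation vulnerability. The vulnerability stems from the SKBFL_SHARED_FRAG flag not being propagated on the skb clone path, which allows memory shared between the page cache and an skb to be written to incorrectly. With CAP_NET_ADMIN or in a user namespace environment, an attacker can leverage IPsec in-place decryption to tamper with in-memory file contents and escalate privileges to root.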



II. Affected Versions



3.9 <= Linux Kernel < 5.10.257

5.11 <= Linux Kernel < 5.15.208

5.16 <= Linux Kernel < 6.1.174

6.2 <= Linux Kernel < 6.6.141

6.7 <= Linux Kernel < 6.12.91

6.13 <= Linux Kernel < 6.18.33

6.19 <= Linux Kernel < 7.0.10

7.1-rc1 <= Linux Kernel < 7.1-rc5
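
To check a host against the ranges above, the following added example (not part of the original advisory) compares a `uname -r` style release string with them. It assumes upstream version numbering: distribution kernels that backport the fix keep an older version number, so for those the vendor's own advisory is authoritative.

```python
import platform
import re

# Affected upstream ranges copied from section II: (first affected, first fixed).
AFFECTED = [
    ("3.9", "5.10.257"), ("5.11", "5.15.208"), ("5.16", "6.1.174"),
    ("6.2", "6.6.141"), ("6.7", "6.12.91"), ("6.13", "6.18.33"),
    ("6.19", "7.0.10"), ("7.1-rc1", "7.1-rc5"),
]

# A final release must sort after every -rcN of the same version.
_FINAL = 10**6


def parse(release):
    """Turn '6.1.170-13-amd64' or '7.1.0-rc3' into (major, minor, patch, rc)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    # Distro suffixes such as '-13-amd64' are ignored (assumption: upstream numbering).
    return (int(major), int(minor), int(patch or 0), int(rc) if rc else _FINAL)


def is_affected(release):
    """True if the release falls in any 'lo <= version < hi' range listed above."""
    v = parse(release)
    return any(parse(lo) <= v < parse(hi) for lo, hi in AFFECTED)


if __name__ == "__main__":
    rel = platform.release()
    state = "in an affected range" if is_affected(rel) else "not in an affected range"
    print(f"{rel}: {state} for CVE-2026-43503 (by upstream version number)")
```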



III. Security Measures



3.1 Upgrade


An official patch that fixes this vulnerability has been released.

Linux Kernel >= 7.1-rc5

Download link:

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=48f6a5356a33dd78e7144ae1faef95ffc990aae0


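3.2 Temporary Measures


kernel.unprivileged_userns_clone=0

This can be combined with:

Disabling IPsec (if business requirements allow)

Blocking XFRM policies on the local loopback interface

Restricting use of the vmsplice / splice system calls (high-risk environments).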


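3.3 General Recommendations


Apply system patches regularly to reduce system vulnerabilities and improve server security.

Strengthen system and network access control: revise firewall policies, close unnecessary application ports or services, avoid exposing risky services (such as SSH and RDP) to the public internet, and reduce the attack surface.

Use enterprise-grade security products to improve the organization's network security capability.

Strengthen system user and permission management: enable multi-factor authentication and the principle of least privilege, and keep user and software permissions to the minimum required.

Enable a strong password policy and require periodic password changes.


3.4 Reference Links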


https://research.jfrog.com/post/dissecting-and-exploiting-linux-lpe-variant-dirtyclone-cve-2026-43503/

https://nvd.nist.gov/vuln/detail/CVE-2026-43503