pruva-verify REPRO-2026-00212 curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00212/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh CVE-2026-43503 (DirtyClone) is a local privilege escalation flaw in the Linux kernel networking stack. When socket-buffer (skb) fragment descriptors are transferred between skbs by __pskb_copy_fclone(), skb_shift(), skb_gro_receive(), skb_gro_receive_list(), tcp_clone_payload(), and skb_segment(), the kernel fails to propagate the SKBFL_SHARED_FRAG flag in skb_shinfo()->flags. A cloned skb can therefore keep a reference to file-backed page-cache memory while reporting skb_has_shared_frag() as false. This bypasses the XFRM/IPsec skb_cow_data() copy-on-write safeguard, allowing an unprivileged local attacker to write decrypted bytes into a root-owned read-only binary's page cache and ultimately gain root code execution.
Variant analysis
The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.
Loading session...
Scripts, logs, diffs, and output captured during the reproduction.