DirtyClone, tracked as CVE-2026-43503, is a Linux kernel local privilege-escalation issue that matters most on shared, container, build, and admin-access systems. CloudLinux says current kernels and KernelCare coverage already include the needed fix for CloudLinux customers, while Ubuntu published USN-8501-1 for Ubuntu 14.04 LTS systems covered by Ubuntu Pro Legacy Support.
Plain-English Impact
This is not a standalone remote takeover notice. The risk starts when an attacker, customer workload, CI job, container, plugin task, or compromised low-privilege account can run local code on an affected host. From there, a kernel local privilege escalation can turn a contained account problem into host-level control.
For hosting providers, the priority systems are shared CloudLinux/cPanel servers, container worker nodes, build runners, developer jump boxes, support workstations, and any Linux host where untrusted or semi-trusted local code is normal.
CloudLinux Status
CloudLinux says DirtyClone is a separate CVE name in the same bug family as the earlier Dirty Frag and Fragnesia advisories, and that the same May fix covers this issue. Their July 2 advisory says CloudLinux 7h and CloudLinux 8 are not affected, while CloudLinux 9 and CloudLinux 10 are covered when current patched kernels or KernelCare are in place.
- CloudLinux 9 stock-kernel target: kernel 5.14.0-611.54.5.el9_7 or newer.
- CloudLinux 10 stock-kernel target: kernel 6.12.0-124.56.3.el10_1 or newer.
- KernelCare users should confirm livepatch coverage and recent check-in status through their normal KernelCare monitoring or CLN workflow.
Ubuntu Status
Canonical published USN-8501-1 on July 2, 2026 for Ubuntu 14.04 LTS under Ubuntu Pro Legacy Support. The advisory includes CVE-2026-43503 along with additional Linux kernel fixes. This is mainly relevant to legacy systems that have not yet been retired, migrated, or enrolled in the correct support coverage.
Ubuntu lists fixed 14.04 kernel packages including 3.13.0-214.265 for the generic and low-latency images, and 3.13.0.214.224 for the related kernel metapackages. Hosts on newer Ubuntu releases should still follow their normal kernel-update monitoring, but USN-8501-1 itself is scoped to 14.04 LTS.
Hosting Admin Checklist
- Inventory affected server groups by distro, kernel line, livepatch status, reboot state, and tenant/workload exposure.
- Prioritize systems where customers, containers, build jobs, scripts, or support tools can run local code.
- For CloudLinux, confirm CLN and KernelCare reporting before assuming the May fix is active on the running kernel.
- For Ubuntu 14.04, confirm Ubuntu Pro Legacy Support coverage or move the workload to a supported operating system.
- Before a stock-kernel reboot, confirm backups or snapshots, drain busy workloads where possible, and notify customers if service interruption is expected.
- After the change, verify the running kernel, web service health, mail service health, database health, LVE/resource controls, container workloads, monitoring, and backup agents.
- Do not validate production exposure by running public attack demos. Use vendor package status, running-kernel evidence, livepatch status, and maintenance records instead.
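The running-kernel evidence step for CloudLinux 9 and 10 stock kernels can be scripted as below. This is an added example, not code from CloudLinux or the original article; the function names are hypothetical, the sample release strings are constructed, and `sort -V` (GNU coreutils) is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: compare a stock kernel release string with the targets
# quoted in the CloudLinux status section. Function names are hypothetical.

TARGET_EL9="5.14.0-611.54.5.el9_7"     # CloudLinux 9 stock-kernel target
TARGET_EL10="6.12.0-124.56.3.el10_1"   # CloudLinux 10 stock-kernel target

# Strip a trailing architecture suffix such as ".x86_64" from `uname -r` output.
strip_arch() {
    printf '%s\n' "$1" | sed -E 's/\.(x86_64|aarch64)$//'
}

# Succeeds when version $1 sorts at or above version $2.
# Assumption: sort -V ordering is close enough to RPM ordering for these strings.
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Prints at-or-above-target, below-target, or unlisted for one release string.
classify_kernel() {
    release=$(strip_arch "$1")
    case "$release" in
        *.el10*) target=$TARGET_EL10 ;;
        *.el9*)  target=$TARGET_EL9 ;;
        *)       echo "unlisted"; return 0 ;;   # no target given for this line
    esac
    if version_ge "$release" "$target"; then
        echo "at-or-above-target"
    else
        echo "below-target"
    fi
}

# Two constructed sample strings, then the running kernel of this host.
for k in "5.14.0-611.54.5.el9_7.x86_64" "5.14.0-570.12.1.el9_6.x86_64" "$(uname -r)"; do
    printf '%s -> %s\n' "$k" "$(classify_kernel "$k")"
done
```

On a livepatched host `uname -r` still reports the booted kernel, so a `below-target` result there has to be settled from KernelCare status rather than from this comparison.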
Related Fix I.T. Phill Guidance
For Ubuntu reboot planning, see the Ubuntu kernel hosting reboot checklist. For CloudLinux hosting fleets, pair this review with your normal cPanel/WHM maintenance plan and customer communication process.


