Dirty Frag (CVE-2026-43284 / CVE-2026-43500)

1. Description


CVE-2026-43284 and CVE-2026-43500 ("Dirty Frag") are local privilege escalation (LPE) vulnerabilities affecting the Linux kernel's xfrm-ESP (IPsec) and RxRPC subsystems.


The flaws can be chained by an unprivileged local user to overwrite sensitive cached files, including /etc/passwd and setuid binaries, to achieve deterministic privilege escalation to root.


2. Mitigation Steps

Apply the following workaround on all affected servers. It uses a modprobe install override to block the affected kernel modules from loading, immediately and permanently. NO REBOOT IS REQUIRED.


Step 1 — Verify the modules are not currently running

Ensure the modules are not active in memory before applying the block:

lsmod | grep -E "esp4|esp6|rxrpc"

Expected output: (no output).


If any modules appear in the output, unload them immediately using sudo rmmod rxrpc esp6 esp4 before proceeding.


Step 2 — Force-disable the modules via override

Create a configuration file that instructs modprobe to run /bin/false instead of loading the vulnerable modules. This permanently blocks both automatic on-demand loading and manual loading through modprobe:


sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag-block.conf"


 

Step 3 — Clear the kernel dependency cache

Rebuild the module dependency data so the changes take effect immediately on your running system:

sudo depmod -a



Step 4 — Verify mitigation

Attempt to load one of the blocked modules manually to confirm that the operating system rejects the request:

sudo modprobe esp4
lsmod | grep esp4

Expected output: (no output). 
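
The checks from Steps 1, 2 and 4 as a repeatable audit, added here as an example and not part of the original article. The function names are illustrative; the script only searches the directory it is given and only accepts the exact "install MODULE /bin/false" form written in Step 2.

```shell
#!/bin/sh
# Added example: audit a host for the module block described in Steps 1-4.
# Function names and arguments are illustrative, not from the article.

MODULES="esp4 esp6 rxrpc"

# has_override MODULE CONF_DIR
# True if a *.conf file in CONF_DIR holds "install MODULE /bin/false".
# Only CONF_DIR is searched; commented-out lines never match the pattern.
has_override() {
    for f in "$2"/*.conf; do
        [ -f "$f" ] || continue
        grep -Eq "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/false[[:space:]]*$" "$f" && return 0
    done
    return 1
}

# is_loaded MODULE MODULES_FILE
# True if MODULE is the first field of a line in a /proc/modules-format file.
is_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# audit_dirtyfrag [CONF_DIR] [MODULES_FILE]
# Prints one status line per module; returns 0 only if every module is
# absent from the loaded-module list and blocked by an override.
audit_dirtyfrag() {
    conf_dir=${1:-/etc/modprobe.d}
    mods_file=${2:-/proc/modules}
    rc=0
    for m in $MODULES; do
        if is_loaded "$m" "$mods_file"; then
            echo "FAIL $m: currently loaded"; rc=1
        elif ! has_override "$m" "$conf_dir"; then
            echo "FAIL $m: no install override in $conf_dir"; rc=1
        else
            echo "OK   $m: not loaded, override present"
        fi
    done
    return $rc
}
```

Source the file and call audit_dirtyfrag with no arguments to check the live system; a non-zero return means at least one module is loaded or unblocked.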
