The “Dirty Frag” vulnerability is a chained local privilege escalation (LPE) issue in the Linux kernel that combines flaws in the ESP/XFRM and RXRPC subsystems to allow an unprivileged local attacker to gain root access on major Linux distributions. The attack abuses kernel page-cache manipulation and network protocol handling to overwrite privileged binaries and execute arbitrary code with elevated privileges. Exploitation differs by distribution: the ESP issue affects systems permitting unprivileged user namespaces, while the RXRPC issue impacts distributions with RXRPC enabled, such as Ubuntu. Together, the vulnerabilities provide broad cross-distribution root compromise capability, with mitigations involving disabling vulnerable kernel modules (esp4, esp6, and rxrpc) until upstream patches are fully merged and deployed.
What is the recommended workaround until a patch is available? RHEL does not load these modules with modprobe The following command followed by a reboot seems to work: grubby --update-kernel=ALL --args=module_blacklist=esp4,esp6,rxrpc However, I don't know if it's the recommended solution or if there is one that is better / more safe. https://access.redhat.com/security/cve/cve-2026-43284 Also, it does not list RHEL7 as affected or unaffected or under investigation still no https://access.redhat.com/security/cve/cve-2026-43500 which seems to be another CVE related to dirty frag