https://www.reddit.com/r/homelab/comments/1t6rj7p/new_linux_kernel_lpe_dirty_frag_no_patch_yet/
No patch?
Again requires local access and there is a mitigation solution until a patch comes forward. So apply the mitigation and don't offer Air B'n'B to hackers!
Liquorix kernels are up to speed with this:
" The Liquorix kernel maintains a public GitHub repository (GitHub - V4bel/dirtyfrag · GitHub) where the maintainer has released patches and mitigations for the Dirty Frag vulnerability (CVE-2026-43284).
Because the embargo was broken before official distribution patches were ready, the Liquorix kernel team provided immediate updates for users. To apply the fix on your system:
sudo apt update && sudo apt upgrade on Ubuntu/Debian-based systems using Liquorix) to pull the patched kernel.
If you cannot update immediately, you can apply a temporary mitigation by disabling the vulnerable kernel modules using the following command:
sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
Note: This mitigation disables IPsec (ESP) and RxRPC functionality. It should only be used as a temporary measure until the patched Liquorix kernel is installed.
AI-generated answer. Please verify critical facts."
" Linux Mint 22.3 (and other Ubuntu-based distributions like Ubuntu 20.04, 22.04, and 24.04) currently does not have an official patched kernel available for the Dirty Frag vulnerability (CVE-2026-43284/CVE-2026-43500). Users have reported that standard mitigation commands may fail or require a reboot if the exploit has already altered memory caches.
To mitigate the risk until an official patch is released, administrators can apply a temporary kernel module workaround that disables the vulnerable IPsec and AFS components. This method prevents the exploit from loading but will break any active IPsec VPN tunnels or AFS client connections.
esp4, esp6, and rxrpc from loading:
sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf"
sudo rmmod esp4 esp6 rxrpc 2>/dev/null; true
echo 3 | sudo tee /proc/sys/vm/drop_caches
lsmod | grep -E '^(esp4|esp6|rxrpc)' && echo "STILL EXPOSED" || echo "PROTECTED"
echo 0 | sudo tee /proc/sys/user/max_user_namespaces ) as an alternative, though this may affect rootless containers.
AI-generated answer. Please verify critical facts."
What is Ubuntu waiting for, they need to patch the kernel already. They are really dragging their feet with this one.
Well they must be pretty exhausted after dealing with that sustained DDoS attack.
This is a really new vulnerability. The information about it was published too soon, so there was not much time to patch it. And in the case of Ubuntu, you have to consider: they have to patch it on their own because their kernel is EOL. And because Ubuntu itself offers patches, updates and backports, they have to do that.
For now, you could use the workaround that they offer of disabling the affected modules.
Maybe someone finds something useful.
There are more examples like here.
I think this says it all:
Canonical employs a staff of over 400 people, with approximately 250 estimated to be involved in development roles based on LinkedIn statistics. In contrast, the Debian project is an all-volunteer organization with over 1,400 active contributors and developers as of 2026, none of whom are paid by a central corporate entity.
While Canonical has a paid workforce, many of its engineers are also Debian Developers who contribute to upstream projects. Debian relies on a global community of volunteers who work on the operating system in their spare time, whereas Canonical uses its employees to maintain Ubuntu’s specific release cycle, enterprise support, and infrastructure services.
AI-generated answer. Please verify critical facts.
https://forums.linuxmint.com/viewtopic.php?p=2783700#p2783700
Following on the heels of 'dirty frag':
Again, local access is required for this to take place.
a fix for fragnesia until kernel updates are in place
https://ubuntu.com/blog/fragnesia-linux-vulnerability-fixes-available
best of luck Steve ..
There are some members running Liquorix so used Brave A.I. to see what's what with 'fragnesia':
" The Liquorix kernel is a community-maintained, out-of-tree Linux kernel optimized for desktop responsiveness, gaming, and low-latency multimedia production, primarily targeting Debian and Ubuntu-based distributions. It is not vulnerable to the Fragnesia bug (CVE-2026-46300) because Fragnesia is a vulnerability in the mainline Linux kernel's core network subsystem (specifically the skb_try_coalesce function in net/skbuff.c) that affects standard distributions like AlmaLinux, Red Hat, and generic Debian kernels.
While Liquorix is based on mainline kernel sources, the Fragnesia exploit requires specific kernel modules (esp4, esp6, rxrpc) and a particular IPsec ESP-in-TCP code path to achieve local root privilege escalation via page-cache corruption. Liquorix users are generally considered to be at lower risk than server administrators on multi-tenant hosts because:
To mitigate Fragnesia on any system using mainline or derived kernels (including Liquorix if IPsec is used), administrators can blacklist the vulnerable modules by creating a file /etc/modprobe.d/fragnesia.conf with the following content:
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
Additionally, running sudo sh -c 'echo 3 > /proc/sys/vm/drop_caches' can help clear potentially corrupted page cache entries. The Liquorix project itself does not maintain a separate security patch for Fragnesia distinct from the mainline kernel fixes, so users relying on Liquorix for security should ensure their underlying distribution's kernel packages are up to date or apply the mainline patches if they are building from source.
AI-generated answer. Please verify critical facts."
Starting to like the Liquorix kernel more all the time....lol worth the upgrade
When you have disabled the kernel modules from the Dirty Frag vulnerability, this will help here too. Those are the same affected modules.
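
An added example, not part of any post in this thread: a shell audit of the esp4/esp6/rxrpc module mitigation quoted above for both Dirty Frag and Fragnesia. Unlike the one-line lsmod check, it also confirms that an install override exists on disk, so a module that is simply not loaded yet is not reported as protected. The function names, state labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); paths are parameters so it runs on sample files.

MODULES="esp4 esp6 rxrpc"

# 0 if a *.conf file in dir $1 neuters module $2 with an "install" override.
module_blocked() {
    cat "$1"/*.conf 2>/dev/null | awk -v m="$2" '
        $1 == "install" && $2 == m && ($3 == "/bin/false" || $3 == "/bin/true") { hit = 1 }
        END { exit !hit }'
}

# 0 if module $2 is listed in the /proc/modules-format file $1 (exact name match).
module_loaded() {
    awk -v m="$2" '$1 == m { hit = 1 } END { exit !hit }' "$1"
}

# Print "<module> <state>" per module; return 1 unless every module is BLOCKED.
#   LOADED             in memory now and no install override on disk
#   LOADED_BUT_BLOCKED override present, but rmmod failed or a reboot is pending
#   LOADABLE           not loaded, but nothing stops an on-demand load
#   BLOCKED            not loaded and install override present
audit_mitigation() {
    conf_dir=${1:-/etc/modprobe.d} proc_modules=${2:-/proc/modules} rc=0
    for mod in $MODULES; do
        if module_loaded "$proc_modules" "$mod"; then
            if module_blocked "$conf_dir" "$mod"; then state=LOADED_BUT_BLOCKED
            else state=LOADED; fi
            rc=1
        elif module_blocked "$conf_dir" "$mod"; then
            state=BLOCKED
        else
            state=LOADABLE; rc=1
        fi
        printf '%s %s\n' "$mod" "$state"
    done
    return "$rc"
}

# Constructed sample: esp6 override missing from the config, esp4 still loaded.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'install esp4 /bin/false\ninstall rxrpc /bin/false\n' > "$tmp/dirtyfrag.conf"
    printf 'esp4 24576 0 - Live 0x0000000000000000\n' > "$tmp/modules"
    audit_mitigation "$tmp" "$tmp/modules" || :
    rm -rf "$tmp"
}
demo
```

Called with no arguments, `audit_mitigation` reads /etc/modprobe.d and /proc/modules on the live host; overrides kept in another modprobe.d directory such as /run/modprobe.d are only seen if that directory is passed as the first argument.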