Background

A serious security vulnerability called Dirty Frag has been discovered in the Linux kernel. It allows a regular user to gain full "root" (administrative) control over almost any Linux computer.

Current Status

  • Scope: Until confirmed otherwise, assume all Linux distributions and kernels are vulnerable.
  • Exploitation: Exploits were published May 7th, 2026, and are easily found.
  • Patch Status: Official security patches are "in flight". We will try to update this page as guidance evolves.

How do I fix it?

Because there are currently no official security patches, the recommended mitigation is to disable the vulnerable kernel modules. Most servers do not use these modules (which relate to IPsec networking and the AFS filesystem), so disabling them is unlikely to disrupt your system.

Run the following command as root (or using sudo). This does two things:

  • Blacklists the modules: Creates a configuration file so the modules cannot be loaded automatically or manually in the future.
  • Unloads the modules: Immediately removes them from the running kernel.

sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
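One way to confirm the mitigation took effect, as an added example that is not part of the original advisory. The function names are hypothetical, and the check assumes the exact `install <module> /bin/false` lines written by the command above; it only looks in the directory it is given (default /etc/modprobe.d) and in /proc/modules.

```shell
#!/bin/sh
# Added example: verify the Dirty Frag module mitigation.
# Module names come from the advisory; function names are hypothetical.
MODULES="esp4 esp6 rxrpc"

# Succeeds if a *.conf file in directory $2 contains
# "install <module> /bin/false" for module $1.
is_blocked() {
    grep -Eqs "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/false[[:space:]]*$" "$2"/*.conf
}

# Succeeds if module $1 is listed in the /proc/modules-format file $2.
is_loaded() {
    grep -qs "^$1 " "$2"
}

# Checks every module; returns 0 only if all are blocked and none is loaded.
# $1 = modprobe.d directory, $2 = modules file (both optional).
check_mitigation() {
    dir=${1:-/etc/modprobe.d}
    procmods=${2:-/proc/modules}
    rc=0
    for m in $MODULES; do
        if ! is_blocked "$m" "$dir"; then
            echo "FAIL: no 'install $m /bin/false' rule in $dir"
            rc=1
        fi
        if is_loaded "$m" "$procmods"; then
            echo "FAIL: $m is still loaded in the running kernel"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: $MODULES blocked and not loaded"
    return "$rc"
}

# Run against the live system only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_mitigation
fi
```

A "still loaded" result after applying the mitigation usually means the module was in use when rmmod ran; a reboot clears it, since the install rule prevents modprobe from loading it again.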

Risks of Running the Exploit

If you tried the exploit, the system may be in an unstable state. It is best to reboot, but if you cannot easily do so, run:

echo 3 | sudo tee /proc/sys/vm/drop_caches

References

https://github.com/V4bel/dirtyfrag


You can refer to this page as https://go.lbl.gov/dirtyfrag