Dirty Frag Linux kernel local privilege escalation vulnerability mitigations
4 hours ago
- #Vulnerability Mitigation
- #Local Privilege Escalation
- #Linux Kernel Security
- Two local privilege escalation vulnerabilities in the Linux kernel, called "Dirty Frag," were disclosed on May 7, 2026.
- One vulnerability affects IPsec ESP modules (esp4/esp6), the other affects RxRPC modules, both with a high severity score of 7.8.
- Impacts include privilege escalation to root on hosts and potential container escape in container deployments.
- All Ubuntu releases from Trusty Tahr to Resolute Raccoon are affected, with fixes pending through kernel updates.
- Mitigation involves blocking the affected modules via /etc/modprobe.d/dirty-frag.conf, unloading them, and rebooting if necessary.
- Once kernel updates are installed, the mitigation can be removed to restore functionality for IPsec and AFS/RxRPC users.