Dirty Frag (Image © Dirty Frag)
Technical origin and impact
The vulnerability is located in the fast decryption paths of the kernel, especially in the esp4, esp6 and rxrpc modules. As these modules are part of the central network and communication paths of the kernel, the vulnerability is widespread in various distribution versions.
Unlike typical security disclosures, Dirty Frag was made public before an official patch cycle was completed. This happened after a security embargo was prematurely broken, which prompted the researcher to publish the findings before a CVE number was assigned or official patches were distributed to the wider community.
Remedies and workarounds
While official patches are still pending from most distributions, a manual workaround is available to system administrators. The risk can be mitigated by disabling the affected kernel modules to prevent them from being loaded into memory.
This is done by adding a configuration file to the /etc/modprobe.d/ directory that contains an install directive pointing to /bin/false for each of the esp4, esp6 and rxrpc modules. When modprobe is asked to load one of these modules, it runs /bin/false instead, so the module is never loaded. This approach is considered safe for most standard system configurations.
The one-liner fix:
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
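The one-liner discards any rmmod error (2>/dev/null; true), so a module that is in use stays loaded without any message. The following check is an added example, not part of the original advisory or any distribution's tooling; its function names and report wording are assumptions. It confirms for each of the three modules that the install directive is present and that the module is neither resident nor built into the kernel.

```shell
#!/bin/sh
# Added example: audit the Dirty Frag module workaround on one host.
# The function names and the report wording are assumptions of this example.
MODULES="esp4 esp6 rxrpc"

# True if some *.conf in the modprobe.d directory carries the blocking
# directive "install <module> /bin/false" (commented-out lines do not count).
module_blocked() {
    grep -Eqs "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/false([[:space:]]|\$)" \
        "${2:-/etc/modprobe.d}"/*.conf
}

# True if the module is resident right now (format of /proc/modules).
module_loaded() {
    grep -qs "^$1 " "${2:-/proc/modules}"
}

# True if the module is compiled into the kernel image; modprobe.d cannot
# disable built-in code, so the workaround has no effect in that case.
module_builtin() {
    grep -qs "/$1\.ko\$" "${2:-/lib/modules/$(uname -r)/modules.builtin}"
}

# audit_dirtyfrag [CONF_DIR] [PROC_MODULES] [MODULES_BUILTIN]
# Prints one line per module; exit status = number of unmitigated modules.
audit_dirtyfrag() {
    unmitigated=0
    for m in $MODULES; do
        if module_builtin "$m" "${3:-}"; then
            echo "$m: BUILT-IN, modprobe.d has no effect"
            unmitigated=$((unmitigated + 1))
        elif module_loaded "$m" "${2:-}"; then
            echo "$m: STILL LOADED, rmmod failed or module is in use"
            unmitigated=$((unmitigated + 1))
        elif module_blocked "$m" "${1:-}"; then
            echo "$m: blocked and not loaded"
        else
            echo "$m: not loaded, but no install directive blocks it"
            unmitigated=$((unmitigated + 1))
        fi
    done
    return "$unmitigated"
}
```

Source the file and call audit_dirtyfrag without arguments to check the live system. A module reported as still loaded is normally in use, for example esp4 or esp6 by an active IPsec tunnel, and stays resident until that user is stopped or the host is rebooted.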
Current patch status
Most Linux vendors are currently working on permanent solutions. Alma Linux was one of the first to provide initial patches for testing. Users are advised to keep an eye on the security advisories of their respective distributions in order not to miss the official release of patches to fix the vulnerability.
