One week after Copy Fail, another Linux kernel vulnerability has been publicly disclosed. The exploit, called "Dirty Frag", chains two kernel bugs to give any unprivileged user with shell access full root on your server.

The embargo was broken early, so there is no official patch yet, no CVE number, and a working exploit is already public.

Dirty Frag targets three kernel modules: esp4, esp6, and rxrpc. Ubuntu is particularly exposed because rxrpc loads automatically on Ubuntu, while most other distributions do not ship it by default. The Copy Fail fix from last week does not protect against this. Dirty Frag is a completely different attack path and requires its own fix.

What We Decided

Unlike Copy Fail, we did not push this mitigation automatically through the RunCloud agent. This fix disables three kernel modules and could impact servers running IPsec VPN tunnels or AFS. We did not want to risk breaking production servers without the owner's knowledge.

The fix needs to be applied manually. It takes one command and under a minute.

How to Apply the Fix

Before applying, run the pre-check commands to confirm the modules are not actively in use. Full pre-check steps and the one-command fix are in the community post linked below.

The mitigation blocks all three modules from loading, unloads them immediately, and survives reboots. NGINX, PHP, MySQL, SSH, and SSL are unaffected. The only services impacted are IPsec VPN tunnels using ESP mode and AFS.

If anything breaks after applying, the fix is fully reversible with three commands to restore the modules.

Permanent Patch

No official Ubuntu kernel patch is available yet. The embargo broke early, and Ubuntu has not had time to ship one. We are watching their tracker and will update the community thread as soon as a patch lands. Once it does, apply the kernel update, reboot, and remove the mitigation file.

Full Details and Next Steps

For pre-check commands, the full fix, verification steps, and reversal instructions, see our full write-up on our community forum.