Dirty Frag Vulnerability – Secure Your VPS

Incident Report for Domains.co.za

Identified

The linked repo is the public PoC and disclosure for Dirty Frag (a universal Linux local privilege escalation via page-cache corruption in xfrm-ESP and RxRPC paths). It affects most major distros with no upstream patches yet (as of May 2026), but has a simple module-blacklist mitigation.

https://github.com/V4bel/dirtyfrag/tree/master

*Quick Mitigation Reminder*

Run this on each affected system:

sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"

Then reboot or drop caches. This breaks IPsec and RxRPC/AFS usage if you rely on them.

Watch for kernel updates from your distro.
Posted May 08, 2026 - 08:22 SAST
This incident affects: VPS Hosting.
Current Status Powered by Atlassian Statuspage