{"vulnerability": "CVE-2026-43500", "sightings": [{"uuid": "d8f0f8f3-863c-4d6f-a05b-b60e0ae9464e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://infosec.exchange/users/decio/statuses/116538375077982531", "content": "Les deux vuln\u00e9rabilit\u00e9s composant #DirtyFrag ont re\u00e7u leurs num\u00e9ros CVE :\n\ud83d\udd34 CVE-2026-43284 \u2014 xfrm-ESP Page-Cache Write (patch\u00e9 en mainline : f4c50a4034e6)\ud83d\udfe1 CVE-2026-43500 \u2014 RxRPC Page-Cache Write\nSi ce n'est pas encore fait, la mitigation reste de blacklister esp4, esp6 et rxrpc.\ud83d\udc47 https://vulnerability.circl.lu/vuln/CVE-2026-43284", "creation_timestamp": "2026-05-08T10:01:24.008399Z"}, {"uuid": "bfd0d374-3aa3-4935-80be-2ddde695c65d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116539044705700152", "content": "And just to clarify about \"Dirty Frag\" vs. \"Copy Fail 2\":\nDirty Frag is TWO vulnerabilities:\n\nThe xfrm-ESP Page-Cache Write vulnerability has been assigned CVE-2026-43284 and patched in mainline at f4c50a4034e6.\nThe RxRPC Page-Cache Write vulnerability has been reserved as CVE-2026-43500 for tracking; no patch exists in any tree yet.\nCopy Fail 2 is a \"clean room\" rediscovery/exploitation of f4c50a4034e6\nSince Copy Fail 2 was published to GitHub 1 hour earlier than Dirty Frag was published.  The Dirty Frag writeup specifies that the embargo was broken, and as a result TWO vulnerabilities were disclosed.\nPersonally, I think that if you publish a patch for a vulnerability, and then you begin an embargo a week after it was published, that doesn't really count as an \"embargo\"?  \ud83e\udd37\u200d\u2642\ufe0f\nFun stuff...", "creation_timestamp": "2026-05-08T12:51:43.777812Z"}, {"uuid": "8af3a688-5529-41d5-9f91-5db4188a8510", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/aoetk.bsky.social/post/3mldllohhqs2s", "content": "\u307e\u305f\u30ab\u30fc\u30cd\u30eb\u8106\u5f31\u6027\u3067\u3053\u3093\u306a\u306e\u304c\u51fa\u3066\u304d\u305f\u3093\u304b\u30fc\u3044\n\n/ Linux Kernel\u306eLPE(Local Privilege Escalation)\u8106\u5f31\u6027(Dirty Frag: CVE-2026-43284, CVE-2026-43500) security.sios.jp/vulnerabilit...", "creation_timestamp": "2026-05-08T11:06:30.206310Z"}, {"uuid": "24f4e679-d618-45ea-9ac6-e0ec664fe8dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/aoetk.fedibird.com.ap.brid.gy/post/3mldlq5pm74r2", "content": "\u307e\u305f\u30ab\u30fc\u30cd\u30eb\u8106\u5f31\u6027\u3067\u3053\u3093\u306a\u306e\u304c\u51fa\u3066\u304d\u305f\u3093\u304b\u30fc\u3044\n\n/ Linux Kernel\u306eLPE(Local Privilege Escalation)\u8106\u5f31\u6027(Dirty Frag: CVE-2026-43284, CVE-2026-43500) - SIOS SECURITY BLOG https://security.sios.jp/vulnerability/kernel-security-vulnerability-20260508/", "creation_timestamp": "2026-05-08T11:13:12.417376Z"}, {"uuid": "d8fe8370-c3e9-460c-87f5-75982966e46b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://gist.github.com/xc78xsgzsd-droid/7bb632be2e3e341b4e8b4cc79deac739", "content": "#!/bin/sh\n# ============================================================\n# DirtyFrag Vulnerability Checker\n# CVE-2026-43284 (xfrm/ESP) + CVE-2026-43500 (rxrpc)\n# Disclosed: 2026-05-07 | No patch available yet\n# ============================================================\n\nRED='\\033[0;31m'; YEL='\\033[1;33m'; GRN='\\033[0;32m'\nBLD='\\033[1m'; RST='\\033[0m'\n\nok()   { printf \"${GRN}[OK]${RST}     %s\\n\" \"$1\"; }\nwarn() { printf \"${YEL}[WARN]${RST}   %s\\n\" \"$1\"; }\nvuln() { printf \"${RED}[VULN]${RST}   %s\\n\" \"$1\"; }\ninfo() { printf \"         %s\\n\" \"$1\"; }\n\necho\nprintf \"${BLD}=== DirtyFrag Vulnerability Check ===${RST}\\n\"\nprintf \"    CVE-2026-43284 (ESP/xfrm) + CVE-2026-43500 (rxrpc)\\n\"\nprintf \"    Kernel: %s\\n\\n\" \"$(uname -r)\"\n\nVULN_COUNT=0\n\n# \u2500\u2500 1. Mitigation already in place? \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nprintf \"${BLD}[1] Modprobe blacklist (/etc/modprobe.d/dirtyfrag.conf)${RST}\\n\"\nif [ -f /etc/modprobe.d/dirtyfrag.conf ] || \\\n   grep -rq 'install esp4 /bin/false' /etc/modprobe.d/ 2>/dev/null; then\n    ok \"Blacklist found \u2013 modules blocked from loading\"\n    MITIGATED=1\nelse\n    warn \"No blacklist found\"\n    MITIGATED=0\nfi\necho\n\n# \u2500\u2500 2. Vulnerable modules currently loaded? \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nprintf \"${BLD}[2] Loaded kernel modules (esp4 / esp6 / rxrpc)${RST}\\n\"\nfor MOD in esp4 esp6 rxrpc; do\n    if lsmod 2>/dev/null | grep -q \"^${MOD} \"; then\n        vuln \"Module '${MOD}' is currently LOADED\"\n        VULN_COUNT=$((VULN_COUNT + 1))\n    else\n        ok \"Module '${MOD}' not loaded\"\n    fi\ndone\necho\n\n# \u2500\u2500 3. Modules available on disk? \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nprintf \"${BLD}[3] Module files available on disk${RST}\\n\"\nKVER=$(uname -r)\nfor MOD in esp4 esp6 rxrpc; do\n    FOUND=$(find /lib/modules/${KVER} -name \"${MOD}.ko\" -o -name \"${MOD}.ko.xz\" \\\n                                     -o -name \"${MOD}.ko.zst\" 2>/dev/null | head -1)\n    if [ -n \"$FOUND\" ]; then\n        if [ \"$MITIGATED\" -eq 1 ]; then\n            warn \"Module '${MOD}' exists on disk (but loading is blocked)\"\n            info \"\u2192 $FOUND\"\n        else\n            vuln \"Module '${MOD}' exists and CAN be auto-loaded\"\n            info \"\u2192 $FOUND\"\n            VULN_COUNT=$((VULN_COUNT + 1))\n        fi\n    else\n        ok \"Module '${MOD}' not found on disk\"\n    fi\ndone\necho\n\n# \u2500\u2500 4. User namespace creation (xfrm/ESP exploit path) \u2500\u2500\u2500\u2500\nprintf \"${BLD}[4] Unprivileged user namespaces (CVE-2026-43284 path)${RST}\\n\"\nUSERNS=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null)\nif [ \"$USERNS\" = \"0\" ]; then\n    ok \"user.max_user_namespaces = 0 (xfrm/ESP exploit path blocked)\"\nelse\n    USERNS=${USERNS:-\"unknown\"}\n    warn \"user.max_user_namespaces = ${USERNS} (ESP exploit path reachable)\"\n    info \"\u2192 Ubuntu: check AppArmor profile for namespace restriction\"\nfi\n\n# AppArmor namespace restriction (Ubuntu)\nif [ -f /sys/kernel/security/apparmor/profiles ]; then\n    if grep -q 'unprivileged_userns' /sys/kernel/security/apparmor/profiles 2>/dev/null || \\\n       [ -f /etc/apparmor.d/tunables/userns ]; then\n        ok \"AppArmor namespace restriction detected (Ubuntu-style mitigation)\"\n    fi\nfi\necho\n\n# \u2500\u2500 5. rxrpc-specific check \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nprintf \"${BLD}[5] rxrpc path (CVE-2026-43500 \u2013 no namespace needed)${RST}\\n\"\nif lsmod 2>/dev/null | grep -q '^rxrpc '; then\n    vuln \"rxrpc is loaded \u2013 exploit path requires NO namespace privilege\"\n    VULN_COUNT=$((VULN_COUNT + 1))\nelif find /lib/modules/${KVER} -name 'rxrpc.ko*' 2>/dev/null | grep -q .; then\n    if [ \"$MITIGATED\" -eq 1 ]; then\n        ok \"rxrpc available but loading is blacklisted\"\n    else\n        vuln \"rxrpc module present and loadable (no namespace needed to exploit)\"\n        VULN_COUNT=$((VULN_COUNT + 1))\n    fi\nelse\n    ok \"rxrpc module not present on this system\"\nfi\necho\n\n# \u2500\u2500 6. Page cache integrity hint \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nprintf \"${BLD}[6] Page cache integrity check (exploit IOC)${RST}\\n\"\nPASSWD_SIZE=$(stat -c%s /etc/passwd 2>/dev/null)\nSHADOW_SIZE=$(stat -c%s /etc/shadow 2>/dev/null)\nif [ -n \"$PASSWD_SIZE\" ] && [ \"$PASSWD_SIZE\" -lt 50 ]; then\n    vuln \"/etc/passwd suspiciously small (${PASSWD_SIZE} bytes) \u2013 possible tampering!\"\n    VULN_COUNT=$((VULN_COUNT + 1))\nelse\n    ok \"/etc/passwd size appears normal (${PASSWD_SIZE} bytes)\"\nfi\n\n# Check for unexpected root entries (new UID 0 lines)\nROOT_ENTRIES=$(grep -c ':0:' /etc/passwd 2>/dev/null)\nif [ \"$ROOT_ENTRIES\" -gt 2 ]; then\n    vuln \"Multiple UID-0 entries in /etc/passwd (${ROOT_ENTRIES}) \u2013 check for backdoor!\"\n    VULN_COUNT=$((VULN_COUNT + 1))\nelse\n    ok \"No unexpected UID-0 entries in /etc/passwd\"\nfi\necho\n\n# \u2500\u2500 Summary \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nprintf \"${BLD}=== Summary ===${RST}\\n\"\nKERNEL_YEAR=$(uname -r | grep -oE '^[0-9]+' )\nif [ \"$KERNEL_YEAR\" -ge 4 ] 2>/dev/null; then\n    info \"Kernel $(uname -r) is in the affected range (since Jan 2017)\"\nelse\n    info \"Kernel $(uname -r) \u2013 age unclear, manual review recommended\"\nfi\n\nif [ \"$MITIGATED\" -eq 1 ] && [ \"$VULN_COUNT\" -eq 0 ]; then\n    printf \"\\n${GRN}${BLD}[RESULT] Mitigation applied \u2013 system appears protected${RST}\\n\"\n    info \"\u2192 Revert /etc/modprobe.d/dirtyfrag.conf once a patched kernel is installed\"\nelif [ \"$VULN_COUNT\" -eq 0 ]; then\n    printf \"\\n${YEL}${BLD}[RESULT] No active modules loaded, but no blacklist in place${RST}\\n\"\n    info \"\u2192 Modules can still be auto-loaded. Apply mitigation to be safe.\"\nelse\n    printf \"\\n${RED}${BLD}[RESULT] SYSTEM LIKELY VULNERABLE (${VULN_COUNT} issue(s) found)${RST}\\n\"\n    info \"\u2192 Apply mitigation immediately (unless you use IPsec/kAFS):\"\n    printf \"\\n\"\n    printf '    sudo sh -c \"printf '\"'\"'install esp4 /bin/false\\ninstall esp6 /bin/false\\ninstall rxrpc /bin/false\\n'\"'\"' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true\"\\n'\n    printf \"\\n\"\n    info \"\u2192 Optionally drop page cache afterwards:\"\n    info \"  sudo sh -c 'echo 3 > /proc/sys/vm/drop_caches'\"\nfi\necho\n", "creation_timestamp": "2026-05-08T12:08:27.000000Z"}, {"uuid": "3abd5372-7d5a-4f97-9c43-b65ef4554dd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://gist.github.com/m3nu/d85533bbf342edd3a9426711409a1b9a", "content": "", "creation_timestamp": "2026-05-08T13:45:53.000000Z"}, {"uuid": "4c1c2a84-4c47-401c-86a2-5bbc00e3bf67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/Anarcat.kolektiva.social.ap.brid.gy/post/3mle3b6xlyga2", "content": "#Debian security team just released DSA-6253-1 which addresses #dirtyfrag local root escalation which has been issued CVE-2026-43284 and CVE-2026-43500", "creation_timestamp": "2026-05-08T15:50:40.576696Z"}, {"uuid": "36d81f94-7a34-4c6b-9809-5df29947a53d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/kisai.me/post/3mldtc4wrns2a", "content": "\u898b\u3064\u3051\u305f\n\nCVE-2026-43284\nCVE-2026-43500\n\n\u3053\u308c\u304b\u306a", "creation_timestamp": "2026-05-08T13:24:15.860547Z"}, {"uuid": "ed2d0960-bc6e-4ab2-9d25-0e3e9915e68a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/drgoon.bsky.social/post/3mldtdraztc2n", "content": "\"CVE-2026-43284 is now assigned.\n\nThat was for the first issue, and that is now fixed in the latest round of stable kernel updates.  The second has CVE-2026-43500 reserved for it if you need to track this, and is not fixed in any released kernel version yet.\"", "creation_timestamp": "2026-05-08T13:25:11.509789Z"}, {"uuid": "a89a0c0a-76af-4b13-a9ad-f64ad5a1bd49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://gist.github.com/bykvaadm/7bb8937ebc4f0485fea26fa27af4c522", "content": "- name: Mitigate DirtyFrag (CVE-2026-43284 / CVE-2026-43500)\n    hosts: all\n    become: true\n    tasks:\n      - name: Caveats\n        debug:\n          msg: |\n            \u0412\u041d\u0418\u041c\u0410\u041d\u0418\u0415:\n            - esp4/esp6: \u0435\u0441\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f IPsec VPN (strongSwan, Libreswan \u0438 \u0434\u0440.) \u2014\n              \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0441\u043b\u043e\u043c\u0430\u0435\u0442 \u0442\u0443\u043d\u043d\u0435\u043b\u0438. \u0412 \u0442\u0430\u043a\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0436\u0434\u0430\u0442\u044c \u043f\u0430\u0442\u0447\u0430 \u044f\u0434\u0440\u0430.\n            - rxrpc: \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f AFS/Kerberos, \u0432 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\n              \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0430\u0442\u044c.\n            - CVE-2026-43500 (rxrpc) \u043f\u043e\u043a\u0430 \u043d\u0435 \u0437\u0430\u043f\u0430\u0442\u0447\u0435\u043d \u2014 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0430 \u043c\u043e\u0434\u0443\u043b\u044f\n              \u0435\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u0430\u044f \u0437\u0430\u0449\u0438\u0442\u0430 \u0434\u043e \u0432\u044b\u0445\u043e\u0434\u0430 \u043f\u0430\u0442\u0447\u0430 \u044f\u0434\u0440\u0430.\n            - \u041f\u043e\u0441\u043b\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 DirtyFrag page cache \u0437\u0430\u0441\u043e\u0440\u0451\u043d \u2014 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f\n              drop cache \u0438\u043b\u0438 \u0440\u0435\u0431\u0443\u0442.\n\n      - name: Blacklist vulnerable modules\n        copy:\n          dest: /etc/modprobe.d/dirtyfrag-mitigation.conf\n          content: |\n            install esp4 /bin/false\n            install esp6 /bin/false\n            install rxrpc /bin/false\n            blacklist esp4\n            blacklist esp6\n            blacklist rxrpc\n\n      - name: Unload modules if loaded\n        modprobe:\n          name: \"{{ item }}\"\n          state: absent\n        loop: [esp4, esp6, rxrpc]\n        failed_when: false\n        when: ansible_facts.get('ansible_virtualization_type') != 'container'\n\n      - name: Verify modules not loaded\n        shell: lsmod | grep -E '^(esp4|esp6|rxrpc)\\s'\n        register: check\n        failed_when: check.rc == 0\n        changed_when: false\n        when: ansible_facts.get('ansible_virtualization_type') != 'container'", "creation_timestamp": "2026-05-08T13:41:26.000000Z"}, {"uuid": "912f06b3-01e7-422c-aa97-c9e8868fb824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://gist.github.com/sayem314/dd8d3932a2e91d6a8a454b9986f6087e", "content": "Dirty Frag is a Linux kernel local privilege escalation chain involving the IPsec ESP stack and RxRPC. If a vulnerable host runs untrusted local code, containers, CI jobs, app sandboxes, or shared shell users, treat it as urgent.\n\nThe real fix is a patched kernel from your distribution. Until Debian or Ubuntu ship fixed kernels for your release, the mitigation below blocks the affected modules:\n\n- `esp4`\n- `esp6`\n- `rxrpc`\n\nSources:\n\n- https://github.com/V4bel/dirtyfrag\n- https://dirtyfrag.io/\n- https://openwall.com/lists/oss-security/2026/05/07/10\n\n## What this disables\n\nThis mitigation disables kernel IPsec ESP and RxRPC.\n\nLikely unaffected:\n\n- HTTPS/TLS\n- SSH\n- Docker bridge networking\n- WireGuard\n- Tailscale\n- OpenVPN\n- normal web apps and APIs\n\nLikely affected:\n\n- strongSwan/libreswan IPsec tunnels using ESP\n- software depending on RxRPC or AFS\n\nCheck before applying on VPN gateways:\n\n```bash\nip xfrm state\nsystemctl list-units --type=service --all 'strongswan*' 'ipsec*' 'libreswan*' 'openafs*' 'afsd*'\nps -eo comm,args | grep -E 'strongswan|charon|pluto|ipsec|openafs|afsd|rxrpc' | grep -v grep || true\n```\n\n## Quick check\n\n```bash\nuname -r\ngrep -E '^(esp4|esp6|rxrpc) ' /proc/modules || echo \"esp4, esp6, rxrpc are not currently loaded\"\nmodprobe -n -v esp4 2>/dev/null || true\nmodprobe -n -v esp6 2>/dev/null || true\nmodprobe -n -v rxrpc 2>/dev/null || true\n```\n\nIf one of these features is built directly into your kernel instead of available as a module, a modprobe blacklist cannot disable it. In that case, prioritize a fixed kernel and reboot.\n\n## Manual mitigation\n\n```bash\nsudo tee /etc/modprobe.d/disable-dirtyfrag.conf >/dev/null <<'EOF'\ninstall esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\nEOF\n\nsudo modprobe -r esp4 esp6 rxrpc 2>/dev/null || true\nsync\necho 3 | sudo tee /proc/sys/vm/drop_caches >/dev/null\n```\n\nVerify:\n\n```bash\nif grep -E '^(esp4|esp6|rxrpc) ' /proc/modules; then\n  echo \"STILL LOADED: reboot or investigate module users\"\nelse\n  echo \"Dirty Frag modules are not loaded\"\nfi\n\nfor module in esp4 esp6 rxrpc; do\n  echo \"== $module ==\"\n  modprobe -n -v \"$module\" 2>/dev/null || true\ndone\n```\n\nExpected `modprobe -n -v` output should include:\n\n```text\ninstall /bin/false\n```\n\n## Patch when your distro ships a kernel fix\n\nKeep normal security updates moving. The module block is a mitigation, not the final repair.\n\n```bash\nsudo apt update\nsudo apt full-upgrade\nsudo reboot\n```\n\nAfter reboot:\n\n```bash\nuname -r\ngrep -E '^(esp4|esp6|rxrpc) ' /proc/modules || true\n```\n\n## Ansible playbook\n\nSave as `dirtyfrag-mitigate.yml`:\n\n```yaml\n---\n- name: Mitigate Dirty Frag CVE-2026-43284 and CVE-2026-43500\n  hosts: all\n  become: true\n  gather_facts: false\n\n  vars:\n    dirtyfrag_modules:\n      - esp4\n      - esp6\n      - rxrpc\n\n  tasks:\n    - name: Check active IPsec xfrm state\n      ansible.builtin.command: ip xfrm state\n      register: dirtyfrag_xfrm_state\n      changed_when: false\n      failed_when: false\n\n    - name: Show active IPsec xfrm state warning\n      ansible.builtin.debug:\n        msg: \"Active xfrm state detected. Confirm this host is not an IPsec gateway before disabling esp4/esp6.\"\n      when: dirtyfrag_xfrm_state.stdout | trim | length > 0\n\n    - name: Block Dirty Frag kernel modules from loading\n      ansible.builtin.copy:\n        dest: /etc/modprobe.d/disable-dirtyfrag.conf\n        owner: root\n        group: root\n        mode: \"0644\"\n        content: |\n          {% for module in dirtyfrag_modules %}\n          install {{ module }} /bin/false\n          {% endfor %}\n      register: dirtyfrag_blacklist\n\n    - name: Unload Dirty Frag modules if currently loaded\n      community.general.modprobe:\n        name: \"{{ item }}\"\n        state: absent\n      loop: \"{{ dirtyfrag_modules }}\"\n      register: dirtyfrag_unload\n      failed_when: false\n\n    - name: Flush filesystem buffers before clearing page cache\n      ansible.builtin.command: sync\n      changed_when: false\n      when: dirtyfrag_blacklist.changed or dirtyfrag_unload.changed\n\n    - name: Clear page cache after mitigation changes\n      ansible.builtin.command: sysctl -w vm.drop_caches=3\n      changed_when: true\n      when: dirtyfrag_blacklist.changed or dirtyfrag_unload.changed\n\n    - name: Check whether Dirty Frag modules are still loaded\n      ansible.builtin.shell: \"grep -E '^(esp4|esp6|rxrpc) ' /proc/modules\"\n      register: dirtyfrag_loaded\n      changed_when: false\n      failed_when: false\n\n    - name: Verify modprobe resolves modules to /bin/false\n      ansible.builtin.command: \"modprobe -n -v {{ item }}\"\n      loop: \"{{ dirtyfrag_modules }}\"\n      register: dirtyfrag_modprobe_check\n      changed_when: false\n      failed_when: false\n\n    - name: Show mitigation status\n      ansible.builtin.debug:\n        msg:\n          - \"config_changed={{ dirtyfrag_blacklist.changed }}\"\n          - \"loaded_modules={{ dirtyfrag_loaded.stdout | default('') }}\"\n          - \"modprobe_checks={{ dirtyfrag_modprobe_check.results | map(attribute='stdout') | list }}\"\n\n    - name: Fail if Dirty Frag modules are still loaded\n      ansible.builtin.fail:\n        msg: \"One or more Dirty Frag modules are still loaded. Reboot this host or inspect module users.\"\n      when: dirtyfrag_loaded.rc == 0\n```\n\nExample `inventory.yml`:\n\n```yaml\n---\nall:\n  children:\n    webservers:\n      hosts:\n        web-1:\n          ansible_host: 203.0.113.10\n          ansible_user: ubuntu\n        web-2:\n          ansible_host: 203.0.113.11\n          ansible_user: ubuntu\n    workers:\n      hosts:\n        worker-1:\n          ansible_host: 203.0.113.20\n          ansible_user: debian\n  vars:\n    ansible_become: true\n    ansible_python_interpreter: /usr/bin/python3\n```\n\nRun it:\n\n```bash\nansible-playbook -i inventory.yml dirtyfrag-mitigate.yml\n```\n\nRun only a selected group:\n\n```bash\nansible-playbook -i inventory.yml dirtyfrag-mitigate.yml --limit webservers\n```\n\n## Ansible role-style task\n\nIf you already have a common hardening role, put the modules in group vars:\n\n```yaml\ndisabled_kernel_modules:\n  - esp4\n  - esp6\n  - rxrpc\n```\n\nThen use this task block:\n\n```yaml\n- name: Block disabled kernel modules from loading\n  ansible.builtin.copy:\n    dest: \"/etc/modprobe.d/disable-{{ item }}.conf\"\n    owner: root\n    group: root\n    mode: \"0644\"\n    content: |\n      install {{ item }} /bin/false\n  loop: \"{{ disabled_kernel_modules | default([]) }}\"\n  register: disabled_kernel_module_blacklists\n\n- name: Unload disabled kernel modules if currently loaded\n  community.general.modprobe:\n    name: \"{{ item }}\"\n    state: absent\n  loop: \"{{ disabled_kernel_modules | default([]) }}\"\n  register: disabled_kernel_module_unloads\n  failed_when: false\n\n- name: Flush filesystem buffers before clearing page cache\n  ansible.builtin.command: sync\n  changed_when: false\n  when: disabled_kernel_module_blacklists.changed or disabled_kernel_module_unloads.changed\n\n- name: Clear page cache after Dirty Frag mitigation changes\n  ansible.builtin.command: sysctl -w vm.drop_caches=3\n  changed_when: true\n  when: disabled_kernel_module_blacklists.changed or disabled_kernel_module_unloads.changed\n```\n\n## Remove the manual mitigation later\n\nOnly do this after your running kernel is fixed and you have rebooted into it.\n\n```bash\nsudo rm /etc/modprobe.d/disable-dirtyfrag.conf\nsudo reboot\n```\n", "creation_timestamp": "2026-05-08T16:19:20.000000Z"}, {"uuid": "533fe2b4-62e9-430e-9452-e90234fd4c2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-dirty-frag-new-linux-local-privilege-escalation-vulnerability-was-disclosed", "content": "", "creation_timestamp": "2026-05-08T09:28:10.000000Z"}, {"uuid": "bce47242-2594-45c6-a653-5a8370c5590c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3mleevhyme22p", "content": "\"Dirty Frag\" Linux Kernel LPE Zero-Day (CVE-2026-43284, CVE-2026-43500) #patchmanagement", "creation_timestamp": "2026-05-08T18:39:18.381389Z"}, {"uuid": "24ddea41-4324-4bf1-83ce-16394de8606b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/al26-011-vulnerabilities-affecting-linux-cve-2026-43284-cve-2026-43500", "content": "", "creation_timestamp": "2026-05-08T10:39:10.000000Z"}, {"uuid": "47fe1743-21e1-44f6-b5a0-8182e12ee011", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/threatintel.microsoft.com/post/3mleath2kmz2p", "content": "A newly disclosed Linux local privilege escalation vulnerability known as \u201cDirty Frag\u201d enables escalation from an unprivileged user to root through vulnerable kernel networking & memory-fragment handling components, including esp4, esp6 (CVE-2026-43284), and rxrpc (CVE-2026-43500). msft.it/6015v3WNc", "creation_timestamp": "2026-05-08T17:26:35.837613Z"}, {"uuid": "12cd2f25-dd57-45b7-88e0-63eafeef76d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://mstdn.social/users/jschauma/statuses/116540434561235145", "content": "#DirtyFrag status/advisories:\nAlmaLinux:https://almalinux.org/blog/2026-05-07-dirty-frag/\nDebian:https://security-tracker.debian.org/tracker/CVE-2026-43500https://security-tracker.debian.org/tracker/CVE-2026-43284\nGentoo:https://bugs.gentoo.org/974307\nRedHat:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2026-43284https://access.redhat.com/security/cve/cve-2026-43284nothing yet on CVE-2026-43500\nRocky:https://kb.ciq.com/article/rocky-linux/rl-dirty-frag-mitigation\nSUSE / OpenSUSE:https://www.suse.com/security/cve/CVE-2026-43500.htmlhttps://www.suse.com/security/cve/CVE-2026-43284.htmlhttps://www.suse.com/c/addressing-copy-fail2-aka-dirtyfrag-in-suse-virtualization/\nUbuntu:https://ubuntu.com/security/CVE-2026-43284https://ubuntu.com/security/CVE-2026-43500https://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available\nAWS:https://aws.amazon.com/security/security-bulletins/rss/2026-027-aws/ https://explore.alas.aws.amazon.com/CVE-2026-43284.html", "creation_timestamp": "2026-05-08T18:45:22.128406Z"}, {"uuid": "f5d79e82-0bd9-4bee-9882-e3d49f33352a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/jschauma.mstdn.social.ap.brid.gy/post/3mlefaalbezb2", "content": "#DirtyFrag status/advisories:\n\nAlmaLinux:\nhttps://almalinux.org/blog/2026-05-07-dirty-frag/\n\nDebian:\nhttps://security-tracker.debian.org/tracker/CVE-2026-43500\nhttps://security-tracker.debian.org/tracker/CVE-2026-43284\n\nGentoo:\nhttps://bugs.gentoo.org/974307\n\nRedHat [\u2026]", "creation_timestamp": "2026-05-08T18:46:05.118790Z"}, {"uuid": "d0745ee1-0906-43a9-8130-e998f2e2cd6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://gist.github.com/Senci/6dd521104fd36bf9c679975fb9e8b89c", "content": "#!/usr/bin/env bash\n# Dirty Frag mitigation + verification\n# CVE-2026-43284 (xfrm-ESP) / CVE-2026-43500 (RxRPC)\n# Works on Rocky/RHEL and Arch \u2014 idempotent, no reboot required.\n\nset -euo pipefail\n\nCONF=/etc/modprobe.d/dirtyfrag.conf\nMODS=(esp4 esp6 rxrpc)\n\n[[ $EUID -eq 0 ]] || {\n  echo \"must run as root\" >&2\n  exit 1\n}\n\necho \"=== Dirty Frag mitigation ===\"\necho \"host:   $(hostname)\"\necho \"kernel: $(uname -r)\"\necho\n\n# 1. report whether vulnerable .ko files are present on this kernel\necho \"[1/5] vulnerable modules on disk:\"\nfor m in \"${MODS[@]}\"; do\n  f=$(find \"/lib/modules/$(uname -r)\" -name \"${m}.ko*\" 2>/dev/null | head -1)\n  [[ -n $f ]] && echo \"  - $m: $f\" || echo \"  - $m: not built for this kernel\"\ndone\necho\n\n# 2. write blacklist\necho \"[2/5] writing $CONF\"\ncat >\"$CONF\" <<'EOF'\n# Dirty Frag mitigation \u2014 block xfrm-ESP and RxRPC page-cache-write LPE\n# CVE-2026-43284 (esp4/esp6), CVE-2026-43500 (rxrpc)\n# Remove this file once distro kernel ships backports.\ninstall esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\nEOF\nchmod 0644 \"$CONF\"\n\n# 3. unload anything currently loaded\necho \"[3/5] unloading currently loaded modules:\"\nfor m in \"${MODS[@]}\"; do\n  if lsmod | awk '{print $1}' | grep -qx \"$m\"; then\n    if rmmod \"$m\" 2>/dev/null; then\n      echo \"  - $m: unloaded\"\n    else\n      echo \"  - $m: in use, could not unload (reboot to clear)\"\n    fi\n  else\n    echo \"  - $m: not loaded\"\n  fi\ndone\n\n# 4. flush page cache (cleans up if exploit had been run pre-mitigation)\necho \"[4/5] flushing page cache\"\nsync\necho 3 >/proc/sys/vm/drop_caches\necho \"  - done\"\n\n# 5. verify autoload is blocked (dry-run, does not execute /bin/false)\necho\necho \"[5/5] verifying autoload is blocked:\"\nfail=0\nfor m in \"${MODS[@]}\"; do\n  if modprobe -n -v \"$m\" 2>&1 | grep -q '/bin/false'; then\n    echo \"  - $m: BLOCKED \u2713\"\n  else\n    echo \"  - $m: NOT BLOCKED \u2717\"\n    fail=1\n  fi\ndone\n\necho\nif [[ $fail -eq 0 ]]; then\n  echo \"=== mitigation applied successfully \u2014 no reboot required ===\"\n  exit 0\nelse\n  echo \"=== mitigation FAILED \u2014 investigate $CONF and modprobe config ===\"\n  exit 2\nfi\n", "creation_timestamp": "2026-05-08T19:04:16.000000Z"}, {"uuid": "a4fe39b7-b5a3-4ae9-95f4-a3f471e7c930", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/Linux-Maintainers.activitypub.awakari.com.ap.brid.gy/post/3mleiuxfnowo2", "content": "AL26-011 - Vulnerabilities affecting Linux - CVE-2026-43284 and CVE-2026-43500 Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MW...\n\n#Malware #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-08T19:50:39.591563Z"}, {"uuid": "47b61115-e966-4893-afa1-7f2d2e8c470f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3mlekajztdm2e", "content": "~Cybergcca~\nAlert on unpatched Linux LPE flaws (Dirty Frag) with active PoCs, plus Edge & cPanel updates.\n-\nIOCs: CVE-2026-43284, CVE-2026-43500\n-\n#Linux #ThreatIntel #Vulnerability", "creation_timestamp": "2026-05-08T20:14:58.760346Z"}, {"uuid": "4647b87c-6d98-4691-8ee2-f8c77da23eff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/nicolas17.xyz/post/3mleijak4qk24", "content": "Did you update your Linux kernel *again* to protect against the last privilege escalation bug?\n\nNo, not CopyFail (CVE-2026-31431), the new DirtyFrag (CVE-2026-43284, CVE-2026-43500).", "creation_timestamp": "2026-05-08T19:44:03.845763Z"}, {"uuid": "5fb5f327-2c4e-4345-9897-d1461d08e967", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mleq4zjrfm2s", "content": "Two Linux kernel vulnerabilities, CVE-2026-43284 and CVE-2026-43500 (Dirty Frag), enable local users to escalate privileges by overwriting page cache across many distros. Monitoring ESP and RxRPC recommended. #LinuxKernel #RootAccess #USA", "creation_timestamp": "2026-05-08T22:00:23.546730Z"}, {"uuid": "601b31b4-bbe3-4b96-96d2-ff36b440c850", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mlenmpi3zb2z", "content": "DirtyFrag exploits two Linux kernel bugs, CVE-2026-43284 and CVE-2026-43500, enabling local root access on major distros including Ubuntu, RHEL, Fedora, CentOS Stream, AlmaLinux, and openSUSE. #LinuxRoot #KernelExploit #USA", "creation_timestamp": "2026-05-08T21:15:28.771348Z"}, {"uuid": "4c0bfaf6-c9ee-48fe-9a57-e42078a7463d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/dragostech.bsky.social/post/3mler7ebhyc26", "content": "\"Dirty Frag\" clickbait update: ESP (CVE-2026-43284) patched in mainline + stable (7.0.5, 6.18.28, 6.12.87, 6.6.138, 6.1.171). RxRPC (CVE-2026-43500) still unpatched upstream. AWS adds ipcomp4/ipcomp6 to the blacklist alongside esp4/esp6/rxrpc. AlmaLinux shipped both. Ubuntu/Debian mitigation only.", "creation_timestamp": "2026-05-08T22:20:51.396533Z"}, {"uuid": "196ae2cb-5c94-4559-a32e-dd535a426e54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/unraid.net/post/3mleyipgro32d", "content": "\ud83d\udea8 Unraid OS 7.2.6 is now available.\n\nThis is an important security release that upgrades the Linux kernel to address the \"Dirty Frag\" local privilege escalation vulnerability (CVE-2026-43284 & CVE-2026-43500).  \n\nAll users should update their systems immediately to stay protected. \ud83d\udee1\ufe0f", "creation_timestamp": "2026-05-09T00:30:05.046715Z"}, {"uuid": "ddeecb7b-db90-4ab0-8aff-a66fa7ba053f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/mel-echosphere.bsky.social/post/3mlene27n652h", "content": "\u4f55\u304c\u8d77\u304d\u308b\u304b\u3002\n\n\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u3044\u308b\u4e00\u822c\u30e6\u30fc\u30b6\u30fc\u304c\u3001\u7ba1\u7406\u8005\u6a29\u9650\u3092\u596a\u3048\u308b\u3002\u30bf\u30a4\u30df\u30f3\u30b0\u306e\u904b\u3082\u8981\u3089\u306a\u3044\u2014\u2014\u78ba\u5b9f\u306b\u52d5\u304f\u3002\n\n\u901a\u4fe1\u6697\u53f7\u51e6\u7406\u306e\u5185\u90e8\u3067\u3001\u4ed6\u4eba\u306e\u30e1\u30e2\u30ea\u9818\u57df\u306b\u76f4\u63a5\u66f8\u304d\u8fbc\u3093\u3067\u3057\u307e\u3046\u69cb\u9020\u4e0a\u306e\u6b20\u9665\u30022017\u5e74\u306e\u30b3\u30fc\u30c9\u5909\u66f4\u304b\u30899\u5e74\u9593\u3001\u6c17\u3065\u304b\u308c\u306a\u3044\u307e\u307e\u6b8b\u3063\u3066\u3044\u305f\u3002\ud83d\udd4a\ufe0f\n\nCVE-2026-43284 \u306f\u4fee\u6b63\u6e08\u307f\u3002CVE-2026-43500 \u306f\u4fee\u6b63\u306a\u3057\u3002\n\nDirty Pipe \u2192 Copy Fail \u2192 Dirty Frag\u3002\u540c\u3058\u7a2e\u985e\u306e\u7a74\u304c\u4e16\u4ee3\u3092\u8d8a\u3048\u3066\u62e1\u304c\u3063\u3066\u3044\u308b\u3002\u4e00\u3064\u585e\u3044\u3067\u3082\u3001\u540c\u3058\u4ed5\u7d44\u307f\u3067\u7d44\u307e\u308c\u305f\u5225\u306e\u7d4c\u8def\u304b\u3089\u6765\u308b\u3002", "creation_timestamp": "2026-05-08T21:10:37.192059Z"}, {"uuid": "985f091e-6aa8-46a1-9953-75928b4e4f19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/unraid.net/post/3mlewtdz2522l", "content": "\ud83d\udea8 Unraid OS 7.2.6 is now available.   \n\nThis is an important security release that upgrades the Linux kernel to address the \"Dirty Frag\" local privilege escalation vulnerability (CVE-2026-43284 & CVE-2026-43500).  \n\nAll users should update their systems immediately to stay protected. \ud83d\udee1\ufe0f", "creation_timestamp": "2026-05-09T00:00:14.826813Z"}, {"uuid": "12482d55-7452-4c4c-aa2c-16a3ee93e8e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mleww3kwwc2e", "content": "2/11\n\nThis update addresses a Linux kernel local privilege escalation attack known\n  as \"Dirty Frag.\" Please note that there's a second CVE (CVE-2026-43500) that\n  is not yet patched upstream.\n  Mitigation: If for some reason it's not possible to upgrade the kernel right", "creation_timestamp": "2026-05-09T00:01:46.352735Z"}, {"uuid": "ba2ba09e-35ab-478b-9871-408239a00447", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mleww4snfr22", "content": "3/11\n\naway you may blacklist or remove the kernel modules esp4.ko and esp6.ko\n  (CVE-2026-43284) and rxrpc.ko (CVE-2026-43500).\n  Also remove the modules from the kernel if they have been loaded:\n    rmmod esp4 esp6 rxrpc\n  And, drop the file caches in case in-memory program copies", "creation_timestamp": "2026-05-09T00:01:47.498372Z"}, {"uuid": "41241fe2-fa4a-456e-a346-4cb8fa5f122d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mlewwcbh4i22", "content": "8/11\n\nas \"Dirty Frag.\" Please note that there's a second CVE (CVE-2026-43500) that\n  is not yet patched upstream.\n  Mitigation: If for some reason it's not possible to upgrade the kernel right\n  away you may blacklist or remove the kernel modules esp4.ko and esp6.ko", "creation_timestamp": "2026-05-09T00:01:53.070919Z"}, {"uuid": "6ca99d51-5ae7-448f-b7da-81f1b7934b05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43500", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mlewwdh2f62i", "content": "9/11\n\n(CVE-2026-43284) and rxrpc.ko (CVE-2026-43500).\n  Also remove the modules from the kernel if they have been loaded:\n    rmmod esp4 esp6 rxrpc\n  And, drop the file caches in case in-memory program copies have already\n  been compromised. Make sure possibly affected programs do not", "creation_timestamp": "2026-05-09T00:01:54.619433Z"}]}