« Securité : Dirty Frag » : différence entre les versions

CVE-2026-43284

Liens

• https://github.com/V4bel/dirtyfrag/tree/master
• https://seclists.org/oss-sec/2026/q2/430
• https://itcc.uni-koeln.de/en/services/information-security/it-security/vulnerability-cve-2026-43284-dirty-frag
• https://www.bortzmeyer.org/dirtyfrag.html
• https://github.com/odoucet/copyfail-dirtyfrag-blocker

Contournement

• https://github.com/V4bel/dirtyfrag
• https://mstdn.social/@jschauma/116540434561235145

sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"

Sur Ubuntu :

• https://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available

Step 1 – block the modules:

Block the modules by creating a /etc/modprobe.d/dirty-frag.conf file:

echo "install esp4 /bin/false" | sudo tee /etc/modprobe.d/dirty-frag.conf
echo "install esp6 /bin/false" | sudo tee -a /etc/modprobe.d/dirty-frag.conf
echo "install rxrpc /bin/false" | sudo tee -a /etc/modprobe.d/dirty-frag.conf

Regenerate the initramfs images, to prevent the modules from being loaded during early boot:

sudo update-initramfs -u -k all

Step 2 – unload modules:

Unload the modules, in case they are already loaded:

sudo rmmod esp4 esp6 rxrpc 2>/dev/null

Step 3 – confirm the modules aren’t loaded:

Check whether the modules are still loaded:

grep -qE '^(esp4|esp6|rxrpc) ' /proc/modules && echo "Affected modules are loaded" || echo "Affected modules are NOT loaded"

If the previous action indicates that the modules are not loaded, no further action is required. However, unloading the modules may not be possible if they are in use by applications. In these instances, a system reboot will enforce their blocking, but will affect applications:

sudo reboot