Share
## https://sploitus.com/exploit?id=AD3CFC19-837C-599D-972C-39AEBBD5AA8E
# Dirty Frag Technical Analysis
> CVE-2026-43284 (xfrm-ESP) / CVE-2026-43500 (RxRPC)
>
> Linux kernel local privilege escalation vulnerability โ Reverse engineering, shellcode analysis, patch principles, detection scripts
## Vulnerability Overview
Dirty Frag exploits two independent vulnerabilities: `xfrm-ESP Page-Cache Write` and `RxRPC Page-Cache Write`. This allows local ordinary users to gain root privileges on almost all mainstream Linux distributions. โ **Deterministic logic vulnerability**, no race conditions, 100% success rate
- **Completely bypasses Copy Fail mitigation measures**
- Affected versions: Almost all Linux kernels since 2017
## File Description
| File | Description |
|------|------|
| [dirtyfrag-analysis.md](dirtyfrag-analysis.md) | Complete technical analysis article |
| [dirtyfrag-check.sh](dirtyfrag-check.sh) | One-click detection script (esp4/esp6 + rxrpc) |
## Quick Detection
```bash
# One-line command for quick detection
lsmod | grep -qE "esp4|rxrpc" && echo "[!] Risk exists" || echo "[+] Safe"
# Or use the full detection script
bash dirtyfrag-check.sh
```
## Temporary Fix
```bash
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; echo 3 > /proc/sys/vm/drop_caches"
```
> โ ๏ธ Please confirm that IPsec encryption is not used between IPsec VPN / SD-WAN / K8s pods before applying this fix
## Practical Verification
```
OS: Ubuntu 22.04.5 LTS
Kernel: 5.15.0-171-generic
User: ubuntu (uid=1000) โ root (uid=0)
Variant: xfrm-ESP Page-Cache Write
Time: ~8 seconds
```
## Acknowledgments
- Vulnerability discoverer: [Hyunwoo Kim (@v4bel)](https://x.com/v4bel)
- [Dirty Frag official repository](https://github.com/V4bel/dirtyfrag)
## Disclaimer
This article is intended for security research and discussion purposes only. Do not use it for unauthorized system testing. ---
**Author:** Bomb
**WeChat:** AK7777177 (Security research communication, vulnerability analysis collaboration)