Particle.news

'Dirty Frag' Linux Flaw Gives Local Users Root on Most Systems With No Patch

With no patches available, administrators must blocklist vulnerable kernel modules for now.

Overview

  • The vulnerability was publicly disclosed Friday with a working proof‑of‑concept that grants root in a single command.
  • The exploit chains flaws in the IPsec ESP and RxRPC code to write into the kernel’s page cache, which lets a local user flip four bytes in memory and take root.
  • The researcher says the ESP bug dates to a 2017 commit and the RxRPC bug to 2023, and tests show impact across major distributions including Ubuntu 24.04.4, RHEL 10.1, openSUSE Tumbleweed, CentOS Stream 10, AlmaLinux 10, and Fedora 44.
  • Immediate guidance is to blocklist and unload esp4, esp6, and rxrpc, which may disrupt IPsec VPNs and services that rely on RxRPC. Disabling algif_aead for the recent Copy Fail bug does not stop Dirty Frag.
  • Reports describe a broken disclosure embargo that left no upstream fix at release, and vendors have begun building and testing kernels and live patches, including AlmaLinux test builds and CloudLinux KernelCare updates.
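
An added example, not from the article or any vendor: a POSIX shell audit of the interim mitigation that reports, for esp4, esp6 and rxrpc, whether the module is still loaded and which modprobe.d rule covers it. The function names, the `dirtyfrag.conf` file name and the sample host data are constructed for illustration, and the distinction between `install` and `blacklist` rules goes slightly beyond the article's wording.

```shell
#!/bin/sh
# Added example: audit the interim mitigation (blocklist + unload) for the
# three modules named in the article. Function names are this example's own.
MODULES="esp4 esp6 rxrpc"

# True if module $1 appears in file $2 (same format as /proc/modules).
module_loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "$2"
}

# Print the strongest modprobe.d rule for module $1 under directory $2:
# "install"   - load attempts run /bin/false or /bin/true instead
# "blacklist" - only the module's aliases are ignored; loading by name works
# "none"      - no rule found
module_block_state() {
    cat "$2"/*.conf 2>/dev/null | awk -v m="$1" '
        /^[[:space:]]*#/ { next }
        $1 == "install" && $2 == m && ($3 == "/bin/false" || $3 == "/bin/true") { inst = 1 }
        $1 == "blacklist" && $2 == m { bl = 1 }
        END { print inst ? "install" : (bl ? "blacklist" : "none") }'
}

# One status line per module; non-zero if any is still loaded or unblocked.
audit() {
    rc=0
    for m in $MODULES; do
        if module_loaded "$m" "$1"; then loaded=loaded; else loaded=unloaded; fi
        state=$(module_block_state "$m" "$2")
        echo "$m $loaded $state"
        if [ "$loaded" = loaded ] || [ "$state" = none ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample host: esp4 blocked and unloaded, esp6 blacklisted but
# still loaded, rxrpc untouched. Real host: audit /proc/modules /etc/modprobe.d
make_sample() {
    mkdir -p "$1/modprobe.d"
    printf '%s\n' 'esp6 20480 0 - Live 0x0000000000000000' \
        'xfrm_algo 16384 1 esp6, Live 0x0000000000000000' > "$1/modules"
    printf '%s\n' '# interim mitigation' 'install esp4 /bin/false' \
        'blacklist esp4' 'blacklist esp6' > "$1/modprobe.d/dirtyfrag.conf"
}

SAMPLE=$(mktemp -d)
make_sample "$SAMPLE"
audit "$SAMPLE/modules" "$SAMPLE/modprobe.d" || echo "mitigation incomplete"
```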