Portal Home Knowledgebase VPS/Dedicated Hosting Administration URGENT: Critical Security Vulnerability "Dirty Frag" - Immediate Patch Update

  1. Portal Home
  2. Knowledgebase
  3. VPS/Dedicated Hosting
  4. Administration
  5. URGENT: Critical Security Vulnerability "Dirty Frag" - Immediate Patch Update

  Categories

Backup
0
Billing
0
Cloud Hosting
0
Control Panels
0
Shared Hosting
1
Transfer to HostAddon
0
VPS/Dedicated Hosting
7

  Categories

  Tag Cloud

linux password server servers ubuntu vps windows server

  Support

My Support Tickets
Announcements
Knowledgebase
Downloads
Network Status
Open Ticket

URGENT: Critical Security Vulnerability "Dirty Frag" - Immediate Patch Update Print

  • 0

We are issuing an urgent security alert regarding a critical Linux kernel vulnerability known as "Dirty Frag" (CVE-2026-43284 and CVE-2026-43500).

Disclosed by security researchers, this flaw targets the in-place decryption paths within specific kernel modules (esp4, esp6, and rxrpc). It allows an unprivileged local user to gain full root access to the system. Due to the availability of public exploits, immediate remediation is strongly advised.

Risk Assessment

All supported versions of AlmaLinux (8, 9, 10, and Kitten 10) are affected. Systems at the highest risk include:

  • Multi-tenant hosts or shared hosting environments.

  • Container build farms and CI/CD runners.

  • Any system where untrusted users have shell access.

Resolution Steps (Recommended)

AlmaLinux has released patched kernels ahead of the standard RHEL cycle. To secure your environment, please follow these steps to install the update from the testing repository:

  1. Enable Testing Repo & Update:

    sudo dnf install -y almalinux-release-testing
sudo dnf update 'kernel*' --enablerepo=almalinux-testing

  2. Reboot: A system restart is required to initialize the patched kernel.

  3. Verify: Ensure your kernel version matches or exceeds the following:

    • AlmaLinux 8: 4.18.0-553.123.2.el8_10

    • AlmaLinux 9: 5.14.0-611.54.3.el9_7

    • AlmaLinux 10: 6.12.0-124.55.2.el10_1

(Note: Kitten 10 users can update directly from the regular repository without the testing flag.)

Temporary Mitigation (If Reboot is Impossible)

If you cannot reboot immediately, you may temporarily blacklist the vulnerable modules. Warning: This will disable IPsec ESP and AFS/rxrpc services.

Apply Blacklist:

sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"

 

Post-Update Clean Up

Once updated, it is a best practice to disable the testing repository: 

sudo dnf config-manager --disable almalinux-testing

Securing your infrastructure is our top priority. If you require technical assistance or have questions regarding your specific environment, please reply to this email or contact our support desk.

Source: AlmaLinux Official Security Blog — https://almalinux.org/blog/2026-05-07-dirty-frag/

Best regards,
Hostaddon.com

Was this answer helpful?

Related Articles

How to Change a Password in LinuxHow to Change a Password in Linux In this guide, we’ll cover how to change a password in Linux using the passwd command followed by... How to reset root password for Ubuntu server To reset the password, you need to restart the server – press the key combination Ctrl+Alt+Del.... How to expand the file system. Before updating the drive size, you should always back up all important data stored on it.... Using KVM with the Intel Xeon E3 1245v2 The Intel Xeon E3 1245v2 uses Intel AMT technology for remote KVM, power control, and virtual... Changing the Windows password during first login Changing the Windows password during first login If you get the following error message the...
« Back

  Tag Cloud

linux password server servers ubuntu vps windows server

  Support

My Support Tickets
Announcements
Knowledgebase
Downloads
Network Status
Open Ticket