Security Advisory – Dirty Frag (CVE-2026-43284)
Overview
The vulnerability Dirty Frag (CVE-2026-43284) is a recently disclosed Linux kernel local privilege escalation (LPE) issue affecting multiple major Linux distributions. It enables an attacker with local system access to escalate privileges to root by exploiting flaws in kernel networking and memory fragment handling. [microsoft.com], [tenable.com]
The vulnerability specifically impacts the IPsec ESP (Encapsulating Security Protocol) subsystem (modules esp4 / esp6) and is commonly chained with a second issue affecting the RxRPC module to achieve reliable exploitation. [access.redhat.com], [tenable.com]
Successful exploitation requires:
- Local access (e.g. SSH, compromised service, container)
- Presence and usability of the affected kernel modules
Affected Components
Dirty Frag (CVE-2026-43284) involves the following Linux kernel modules:
esp4esp6- (in combination scenarios)
rxrpc
These modules are typically associated with:
Security Assessment of i-Vertix 4.x Systems
Based on system verification, i-Vertix 4.x systems are NOT vulnerable to Dirty Frag (CVE-2026-43284).
Technical Validation
A runtime inspection of the kernel modules confirms that the vulnerable components are not loaded:
lsmod | grep -E '^(esp4|esp6|rxrpc)'
Output:
[root@i-Vertix4 ~]#
This indicates:
esp4 → not loadedesp6 → not loaded
rxrpc → not loaded
Why i-Vertix 4.x Is Not Affected
The Dirty Frag exploit path relies on the active presence of the vulnerable kernel modules.
If these modules are:
- not loaded
- not required by the system architecture
- not used by any active service
then the attack surface is effectively removed.
Additionally:
- i-Vertix systems do not rely on IPsec ESP or RxRPC components for core functionality
- therefore, the vulnerable code paths are not reachable in runtime