Key Points
- Linux kernel CVE-2026-43284 – local privilege escalation
- Disabling esp4 esp6 rxrpc modules stops the exploit
- Affects only systems using IPsec or AFS
What this is about
The Dirty Frag story reveals two local privilege escalation bugs in the Linux kernel. One bug is CVE-2026-43284 and hits the modules that handle ESP for IPsec. The other hits RxRPC modules used by AFS. Both were made public on May 7 2026. They affect the kernel modules that support network security and distributed file systems. The flaws were given a CVSS score of 7.8 which is considered high.
The fix disables esp4 esp6 rxrpc loading and can be applied with a small config file and an update-initramfs command. After the patch is installed the block can be removed and the system rebooted if needed.
Why it matters
This matters most to system administrators who run servers without containers, or who use VPNs that rely on IPsec, or who deploy AFS. If you are not using those services the risk is low. The exploit requires local login so remote attackers cannot trigger it. In environments that run untrusted workloads the flaw could be abused to gain root, but no public exploit exists yet.
For typical desktop users the impact is minimal because they rarely run IPsec or AFS services. When the patch arrives the system will automatically load the corrected kernel and the mitigation can be removed without reboot. Monitoring Ubuntu security notices will keep you informed of when the update is available.
Try the mitigation steps if you manage such systems and let us know how it works for you.
