Post · bonfire.cafe

@mttaggart@infosec.exchange · 4 hours ago

I'm not super familiar with Red Hat, but can someone do a sanity check for me? The recommended mitigation for DirtyFrag is to add the relevant modules to a modprobe blocklist. But...I wasn't aware the modules were loaded dynamically? At least on Fedora, they were not.

I very much want to be wrong about this. And expect I am, but want to be sure.

https://access.redhat.com/security/vulnerabilities/RHSB-2026-003

Red Hat Customer Portal

RHSB-2026-003 Networking subsystem Privilege Escalation - Linux Kernel (Dirty Frag) - (CVE-2026-43284) | Red Hat Customer Portal

Access Red Hat’s knowledge, guidance, and support through your subscription.

Mr. Bitterness

@wdormann@infosec.exchange · 3 hours ago

@mttaggart
The Red Hat mitigation works fine for protecting both Red Hat and Fedora.

2 media

mitigation blocks Dirty Frag on Fedora 44

mitigation blocks Dirty Frag on Red Hat 10.1

Taggart :ifin:

@mttaggart@infosec.exchange · 3 hours ago

@wdormann Thanks. Dunno what to tell ya, lsmod showed none of those modules for me and the exploit still worked. I used a different method to mitigate it.

Taggart :ifin:

@mttaggart@infosec.exchange · 2 hours ago

@wdormann Figured out what I was missing! That kmod loads the module on demand when the exploit demands it, despite what lsmod shows me beforehand. Thanks again!