Dear Customers,

A newly disclosed Linux kernel vulnerability named Dirty Frag allows Local Privilege Escalation (LPE) to root-level access on vulnerable systems.

Vulnerability Information

Dirty Frag was publicly disclosed on May 7, 2026.
The vulnerability is related to the previously disclosed Copy/Fail vulnerability (CVE-2026-31431) and is considered a continuation of the Dirty Pipe exploit class (CVE-2022-0847).

The issue exists within the Linux kernel itself and may affect multiple Linux distributions.

Potential Impact

Systems running Linux kernel versions released after approximately Linux 4.14 (2017+) may be vulnerable.

Successful exploitation may allow attackers with local access to:

• Gain root-level privileges
• Modify kernel page cache memory
• Compromise binaries loaded by the kernel
• Fully compromise affected servers

Potentially Affected Operating Systems

• CloudLinux 7 Hybrid
• CloudLinux 8
• CloudLinux 9
• CloudLinux 10
• AlmaLinux 8
• AlmaLinux 9
• AlmaLinux 10
• Rocky Linux 8
• Rocky Linux 9
• Ubuntu 20.04
• Ubuntu 22.04
• Ubuntu 24.04

Current Status

At the time of publication, official upstream kernel patches are still being prepared and distributed by Linux maintainers and vendors.

Until stable patches are officially released, temporary mitigations are strongly recommended.

Temporary Mitigation

Run the following command as the root user:

sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"

After that, flush the kernel page cache:

echo 3 > /proc/sys/vm/drop_caches

After completing both commands, reboot the server once to ensure mitigation changes are properly applied.
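
To confirm the mitigation is still in place after the reboot, the following check can be used. It is an added example, not part of the original advisory or any vendor tooling; the function names and the script name check_dirtyfrag.sh are assumptions chosen for illustration. It verifies that /etc/modprobe.d/dirtyfrag.conf carries the three install rules and that none of the modules appears in /proc/modules.

```shell
#!/bin/sh
# Added example: verify the temporary mitigation (not AquaHost's or a vendor's tool).
# File paths are parameters so the check can also be run against copies.

MODULES="esp4 esp6 rxrpc"

# blocked_in_conf MODULE CONF: succeeds if CONF has an active
# "install MODULE /bin/false" rule (commented-out lines do not count).
blocked_in_conf() {
    [ -r "$2" ] || return 1
    grep -Eq "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/false[[:space:]]*\$" "$2"
}

# is_loaded MODULE PROC_MODULES: succeeds if MODULE is listed as loaded.
# Exact match on the first field, so esp4_offload is not mistaken for esp4.
is_loaded() {
    [ -r "$2" ] || return 1
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# check_mitigation [CONF] [PROC_MODULES]: prints one FAIL line per problem,
# returns 0 only if all three modules are blocked and none is loaded.
check_mitigation() {
    conf=${1:-/etc/modprobe.d/dirtyfrag.conf}
    procmods=${2:-/proc/modules}
    rc=0
    for m in $MODULES; do
        if ! blocked_in_conf "$m" "$conf"; then
            echo "FAIL: no 'install $m /bin/false' rule in $conf"
            rc=1
        fi
        if is_loaded "$m" "$procmods"; then
            echo "FAIL: $m is still loaded"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK: esp4, esp6 and rxrpc are blocked and not loaded"
    fi
    return "$rc"
}

# Check the live system only when asked to: sh check_dirtyfrag.sh --live
if [ "${1:-}" = "--live" ]; then
    check_mitigation
fi
```

A non-zero exit status means at least one rule is missing or a module is still loaded, so the check can be scheduled and alerted on until the official kernel patch is installed.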

Recommended Actions

• Apply temporary mitigation immediately
• Monitor official vendor advisories for stable kernel updates
• Restrict shell access for untrusted users
• Keep servers and cPanel environments fully updated
• Reboot servers after official kernel patches are installed

AquaHost Advisory

Customers using VPS or dedicated Linux environments are strongly advised to monitor this issue carefully and apply security updates immediately once officially released by their operating system vendor.

AquaHost will continue monitoring vendor advisories and security developments related to this vulnerability.



Friday, May 8, 2026
