Cve/dirtyfrag
@swamp/cve/dirtyfrag v2026.05.08.5
01 README
Detects and mitigates the Dirty Frag Linux local privilege escalation vulnerability class (CVE-2026-43284 + CVE-2026-43500), which chains two kernel bugs to write attacker-controlled bytes into the page cache of suid binaries or /etc/passwd via splice().
Methods
- scan — scan a single host (local, SSH, or Docker container)
- scanFleet — scan multiple hosts in parallel with shared SSH credentials
- mitigate — scan-then-fix: checks vulnerability first, blocklists modules, unloads them, and flushes page cache on affected hosts only
What It Detects
Kernel module availability (esp4/esp6/rxrpc), patch status, user namespace exposure, module blocklisting, page cache corruption of /usr/bin/su and /etc/passwd, XFRM SA exploit patterns, and RxRPC key artifacts.
No packages required on target hosts — all checks use POSIX utilities and procfs/sysfs.
02 Models
@swamp/cve/dirtyfrag v2026.05.08.5
dirtyfrag_detect.ts
fn scan()
Scan a single host for Dirty Frag vulnerability exposure (CVE-2026-43284 + CVE-2026-43500)
fn scanFleet()
Scan multiple hosts for Dirty Frag vulnerability. Pass a comma-separated list of IPs with a shared SSH user and key.
fn mitigate()
Apply mitigations for Dirty Frag: blocklist vulnerable modules and restrict user namespaces. Accepts a single host or comma-separated list.
fn cve202643284()
xfrm-ESP page-cache write
fn cve202643500()
RxRPC RXKAD page-cache write
Resources
status (infinite) — Vulnerability assessment for CVE-2026-43284 and CVE-2026-43500 (Dirty Frag)
Files
log (text/plain) — Scan execution log
03 Reports
@swamp/cve/dirtyfrag-report method
dirtyfrag_scan_report.ts
Reports on Dirty Frag vulnerability scan and mitigation results
security, vulnerability
04 Previous Versions
2026.05.08.4 (May 8, 2026)
2026.05.08.1 (May 8, 2026)
05 Stats
A, 100 / 100
Downloads: 3
Archive size: 25.0 KB
Verified by Swamp
- Has README or module doc: 2/2 earned
- README has a code example: 1/1 earned
- README is substantive: 1/1 earned
- Most symbols documented: 1/1 earned
- No slow types: 1/1 earned
- Has description: 1/1 earned
- Platform support declared (or universal): 2/2 earned
- License declared: 1/1 earned
- Verified public repository: 2/2 earned
06 Platforms
07 Labels