Dirty Frag – Important Linux Kernel Security Notice

We have recently been made aware of a newly disclosed Linux kernel root exploit known as DirtyFrag (CVE pending).

At the time of writing, this appears to affect all Linux systems broadly. The vulnerability was disclosed earlier than originally planned, which means official kernel patches may not yet be available from some operating system vendors.

QuickHost Managed Customers

QuickHost has already applied the recommended mitigation to affected managed customer servers under our care.

No further action is required from managed customers unless we contact you directly.

Unmanaged Servers and Self-Managed Customers

If you manage your own Linux server, we strongly recommend applying the mitigation immediately.

The currently suggested mitigation is to disable the affected kernel modules:

sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"

To revert after a patched kernel is installed:

sudo rm /etc/modprobe.d/dirtyfrag.conf

Restore on-disk binaries after mitigation

The exploit can modify legitimate system binaries in the page cache as part of gaining root, so applying the mitigation alone is not enough on systems that may have been targeted before it was in place. After mitigating, drop the page cache:

echo 3 | sudo tee /proc/sys/vm/drop_caches > /dev/null

After applying the mitigation, we recommend rebooting the server where possible.
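
The mitigation one-liner above discards rmmod errors, so a module that was in use at the time stays loaded until the reboot even though the config file is in place. The check below is an added example, not QuickHost's code or part of the linked repository; its function names and the --demo / --live flags are this example's own.

```shell
#!/bin/sh
# Added example (not from the notice): verify the DirtyFrag mitigation.
# Function names and the --demo / --live flags are this example's own.
MODULES="esp4 esp6 rxrpc"

# True if CONF ($1) holds the line "install MODULE /bin/false" for MODULE ($2).
blocked_in_conf() {
    grep -Eq "^[[:space:]]*install[[:space:]]+$2[[:space:]]+/bin/false[[:space:]]*\$" "$1" 2>/dev/null
}

# True if MODULE ($2) is listed in MODLIST ($1), a file in /proc/modules format.
loaded_in() {
    awk -v m="$2" '$1 == m { hit = 1 } END { exit !hit }' "$1" 2>/dev/null
}

# Print one line per gap; return 0 only if every module is blocked and unloaded.
check_mitigation() {
    conf=$1 modlist=$2 rc=0
    for m in $MODULES; do
        if ! blocked_in_conf "$conf" "$m"; then
            echo "NOT BLOCKED: $m (no install line in $conf)"; rc=1
        fi
        if loaded_in "$modlist" "$m"; then
            echo "STILL LOADED: $m (rmmod failed or was skipped; reboot)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: config written correctly, but esp4 was in use so rmmod failed.
demo() {
    d=$(mktemp -d) || return 2
    printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > "$d/dirtyfrag.conf"
    printf 'esp4 24576 2 - Live 0x0000000000000000\next4 1000000 1 - Live 0x0000000000000000\n' > "$d/modules"
    check_mitigation "$d/dirtyfrag.conf" "$d/modules"; rc=$?
    rm -rf "$d"
    return $rc
}

case "${1:-}" in
    --demo) demo ;;
    --live) check_mitigation /etc/modprobe.d/dirtyfrag.conf /proc/modules ;;
esac
```

Run with --live on the server itself; a non-zero exit status means at least one of the three modules is still loadable or still loaded.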

Important Compatibility Note

This mitigation may break services that rely on:

  • IPsec
  • AFS / RxRPC distributed file system functionality

Most standard web hosting, VPS, database, email, and application servers do not use these technologies. If you are not familiar with them, it is unlikely that your server depends on them.

Further Information

The public proof of concept and mitigation details are available here:

https://github.com/V4bel/dirtyfrag/tree/master

We will continue to monitor vendor updates and apply official kernel patches to managed systems as they become available.