A Linux kernel local privilege escalation vulnerability chain known as “Dirty Frag” has been publicly disclosed. The vulnerabilities are tracked as:
The issue is considered similar in nature to the previously discussed “Copy Fail” vulnerability because it allows an unprivileged local user to gain root privileges through page-cache corruption mechanisms in the Linux kernel networking stack.
The vulnerabilities impact Linux kernel subsystems related to:
This article explains their impact on VMware Avi Load Balancer.
Avi Load Balancer Controller and Service Engine
CVE-2026-43284 and CVE-2026-43500 are bugs in the Linux kernel. Avi Load Balancer is a hardened virtual appliance built on top of Ubuntu, and is therefore subject to these vulnerabilities at the operating system layer.
The vulnerabilities are caused by flaws in Linux kernel networking subsystems related to page-backed memory handling. CVE-2026-43284 affects the IPsec ESP path, including the esp4 and esp6 kernel modules. CVE-2026-43500 affects the RxRPC subsystem, including the rxrpc kernel module.
Under specific conditions, an attacker may be able to corrupt page-cache-backed memory and gain root privileges.
Successful exploitation requires local access to the system. Remote client traffic to an Avi virtual service is not sufficient by itself to exploit this vulnerability.
Avi Load Balancer does not use the affected RxRPC subsystem in any default code path. Avi Load Balancer may include the affected ESP kernel modules as part of the underlying Ubuntu operating system, but these modules are not loaded by default unless required by the environment.
The Avi Load Balancer Security team is actively working to include the kernel fix in upcoming Avi releases. Once Ubuntu publishes patched kernel versions, those fixes will be validated and shipped as part of the next scheduled updates.
Note: The fix for these CVEs cannot be delivered via an Avi patch. The fix can be delivered via a maintenance release containing the fixed kernel.
This article will be updated with any released versions that ship the fixed kernel.
Mitigation:
cat > /etc/modprobe.d/disable-dirtyfrag.conf <<'EOF'
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
EOF
rmmod esp4 esp6 rxrpc 2>/dev/null || true
Verification:
grep -E '^(esp4|esp6|rxrpc) ' /proc/modules
modprobe -n -v esp4
modprobe -n -v esp6
modprobe -n -v rxrpc
Expected output from the three modprobe commands:
install /bin/false
install /bin/false
install /bin/false
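The mitigation's rmmod line discards errors, so a module that is still in use stays loaded without any message. The following audit script is an added example, not part of the original article or of any Avi tooling. It reports affected modules that are still loaded (with their reference count) and any that lack the install override. The function names and the path parameters are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a host for the Dirty Frag module mitigation.
# Paths are parameters so the checks can also run on captured copies.
# Usage: df_audit            (live system)
#        df_audit ./modules ./modprobe.d   (captured copies)
DF_MODULES="esp4 esp6 rxrpc"

# Print "<module> <refcount>" for each affected module found in a
# /proc/modules-format file (fields: name size refcount deps state addr).
# A non-zero refcount means rmmod would have failed for that module.
df_loaded() {
    awk -v want="$DF_MODULES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) m[w[i]] = 1 }
        ($1 in m) { print $1, $3 }' "${1:-/proc/modules}"
}

# Print each affected module that has no "install <module> /bin/false"
# line in any *.conf file under the given modprobe.d directory.
df_unblocked() {
    dir="${1:-/etc/modprobe.d}"
    for mod in $DF_MODULES; do
        cat "$dir"/*.conf 2>/dev/null |
            grep -Eq "^[[:space:]]*install[[:space:]]+$mod[[:space:]]+/bin/false([[:space:]]|\$)" ||
            echo "$mod"
    done
}

# Return 0 only when no affected module is loaded and all are blocked.
df_audit() {
    loaded=$(df_loaded "$1")
    unblocked=$(df_unblocked "$2")
    [ -n "$loaded" ] && echo "still loaded (name refcount): $loaded"
    [ -n "$unblocked" ] && echo "no install override for: $unblocked"
    [ -z "$loaded" ] && [ -z "$unblocked" ]
}
```

A module reported with a non-zero reference count is in use by the environment (for example IPsec for esp4 or esp6), so unloading it needs to be planned rather than forced.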