cve-2026-43284-dirty-frag
by Liam Romanis
Deep audit and detection of the Dirty Frag (CVE-2026-43284/43500) Linux privilege escalation exploit chain.
- Audit Linux hosts and Kubernetes nodes for kernel privilege escalation risks.
- Verify if module blacklisting effectively mitigates Dirty Frag on custom kernels.
- Gate CI/CD pipelines by failing builds on vulnerable kernel configurations.
$5
· or 25 creditsSecure checkout via Stripe
Included in download
- Audit Linux hosts and Kubernetes nodes for kernel privilege escalation risks.
- Verify if module blacklisting effectively mitigates Dirty Frag on custom kernels.
- terminal automation included
- Ready for shell
Sample input
Scan this server for the Dirty Frag vulnerability and tell me if our modprobe blacklists are actually protecting us.
Sample output
[!] VULNERABLE: Dirty Frag exposure detected.
- Kernel: 6.1.0-unpatched
- Issue: esp4/esp6 modules are built-in (CONFIG_INET_ESP=y).
- Result: Your modprobe blacklist is IGNORED by the kernel. Mitigation: You must apply the kernel patch (commit f4c50a4) as blacklisting is ineffective.
cve-2026-43284-dirty-frag
by Liam Romanis
Deep audit and detection of the Dirty Frag (CVE-2026-43284/43500) Linux privilege escalation exploit chain.
$5
· or 25 creditsSecure checkout via Stripe
Included in download
- Audit Linux hosts and Kubernetes nodes for kernel privilege escalation risks.
- Verify if module blacklisting effectively mitigates Dirty Frag on custom kernels.
- terminal automation included
- Ready for shell
- Instant install
Sample input
Scan this server for the Dirty Frag vulnerability and tell me if our modprobe blacklists are actually protecting us.
Sample output
[!] VULNERABLE: Dirty Frag exposure detected.
- Kernel: 6.1.0-unpatched
- Issue: esp4/esp6 modules are built-in (CONFIG_INET_ESP=y).
- Result: Your modprobe blacklist is IGNORED by the kernel. Mitigation: You must apply the kernel patch (commit f4c50a4) as blacklisting is ineffective.
About This Skill
What it does
This skill provides a comprehensive, read-only security audit to detect the "Dirty Frag" exploit chain (CVE-2026-43284 and CVE-2026-43500) on Linux systems and containers. It performs 11 distinct checks to determine if a kernel is vulnerable to local privilege escalation via IPsec ESP or RxRPC in-place decryption fast paths.
Why use this skill
Unlike simple version-based scanners, this skill performs deep inspection of the system state. It analyzes kernel build configurations, module blacklists (modprobe.d), socket accessibility for unprivileged users, and active LSM (AppArmor/SELinux) profiles. It identifies cases where blacklisting failed due to modules being built into the kernel (CONFIG_INET_ESP=y), which manual prompting often misses.
Key Features
- Dual-CVE Analysis: Evaluates both components of the Dirty Frag chain simultaneously.
- Environmental Awareness: Detects if the audit is running inside a container or Kubernetes pod, targeting the host kernel's vulnerability state.
- Programmatic Integration: Supports JSON output and exit codes for automated CI/CD gating and SIEM reporting.
- Remediation Guidance: Generates actionable, copy-pasteable mitigation commands and patch instructions.
Output
The skill produces a detailed report of vulnerable conditions found, a JSON-compatible summary of the risk level, and a specific remediation plan based on the environment's configuration (e.g., specific module blacklisting vs. kernel updates).
Use Cases
- Audit Linux hosts and Kubernetes nodes for kernel privilege escalation risks.
- Verify if module blacklisting effectively mitigates Dirty Frag on custom kernels.
- Gate CI/CD pipelines by failing builds on vulnerable kernel configurations.
- Generate remediation scripts for fleet-wide Dirty Frag mitigation.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/cve-2026-43284-dirty-frag -o /tmp/cve-2026-43284-dirty-frag.zip && unzip -o /tmp/cve-2026-43284-dirty-frag.zip -d ~/.claude/skills && rm /tmp/cve-2026-43284-dirty-frag.zipFree skills install directly. Paid skills require purchase - use the download button above after buying.
Reviews
No reviews yet - be the first to share your experience.
Only users who have downloaded or purchased this skill can leave a review.
Early access skill
Be the first to review this skill.
Only users who have downloaded or purchased this skill can leave a review.
Security Scanned
Passed automated security review
Permissions
Allowed Hosts
File Scopes
The script reads output from these locations to determine whether the system is vulnerable to CVE-2026-43284 (DirtyFrag)
shell
Creator
Frequently Asked Questions
Learn More About AI Agent Skills
More Premium Skills
designing-hybrid-context-layers
Architects the right retrieval strategy for every query — teaching your agent when to use RAG, a knowledge graph, or a temporal index instead of defaulting to vector search for everything.
consumer-motivation-analyzer
Go beyond surface-level feedback to uncover the psychological drivers and hidden motivations behind buyer behavior.
keyword-research
Transform URLs or product lists into SEO keyword research packs with Google Ads data and intent-based clustering.
Bounty Security Pattern Master Library — 399 Vulnerability Patterns
A premium library of 399 vulnerability patterns and DeFi attack vectors for AI-driven bug hunting and security audits.