How to Secure Your System Against the Dirty Frag Vulnerability: Step-by-Step Update Guide

Introduction

The Dirty Frag vulnerability has been a hot topic in Linux circles recently. This local privilege escalation (LPE) exploit, accidentally exposed to the public, caught many distributions off guard. Fortunately, a proper patch is now available in Linux kernel 7.0.6 and Linux 6.18.29 LTS. Fedora and Pop!_OS have already pushed their own fixes. This guide will walk you through updating your system to protect against Dirty Frag, whether you use Fedora, Pop!_OS, or are comfortable with manual kernel installation.

How to Secure Your System Against the Dirty Frag Vulnerability: Step-by-Step Update Guide
Source: itsfoss.com

What You Need

Step-by-Step Instructions

Step 1: Identify Your Distribution and Version

Before applying the fix, confirm you're running a supported distribution. Open a terminal and run:

cat /etc/os-release

This shows your distro name and version. For this guide we cover Fedora and Pop!_OS. If you use another distro (e.g., Ubuntu), see the tips below for manual installation options.

Step 2: Back Up Your Data

Kernel updates are generally safe, but unexpected issues can arise. Back up important files to an external drive or cloud storage. Use tools like rsync or your distribution's backup utility.

Step 3: Update Your Package Repositories

For both Fedora and Pop!_OS, refresh the package list to ensure you receive the latest kernel:

Step 4: Apply the Kernel Update

The actual upgrade command depends on your distro:

For Fedora

After running sudo dnf update, check which kernel version is available. The patched kernel for Fedora 43/44 is 7.0.4-100.fc43 (note: Fedora 44 also uses this version; the team skipped 7.0.5 as the fix was already in 7.0.4). For Fedora 42, the fix comes in kernel 6.19.14-101. Confirm you see these versions, then run:

sudo dnf upgrade

When prompted, type Y to proceed. The system will download and install the new kernel along with any other updates.

For Pop!_OS

Pop!_OS LTS releases (22.04 and 24.04) receive the fix via apt. After sudo apt update, run:

sudo apt upgrade

This installs the patched kernel. Note: Pop!_OS has disabled the rxrpc module rather than patching it, while the esp4/esp6 modules are fixed and safe to re‑enable (though no action needed).

How to Secure Your System Against the Dirty Frag Vulnerability: Step-by-Step Update Guide
Source: itsfoss.com

Step 5: Reboot to Load the New Kernel

Once the update completes, reboot your system:

sudo reboot

After restarting, verify the new kernel is active:

uname -r

For Fedora, you should see 7.0.4-100.fc43.x86_64 (or similar for Fedora 42). For Pop!_OS, the version will be the updated LTS kernel (e.g., 6.19.14-101 or higher).

Step 6: Confirm the Patch Is Applied (Optional)

To be extra sure, check the changelog or use zgrep for CVE references:

zgrep "43500" /proc/version

If the patch is included, the output will mention the CVE. Alternatively, visit kernel.org and compare your kernel version to the patched release.

Tips for a Smooth Update

Recommended

Discover More

Quadsqueezing Quantum Breakthrough: 6 Things You Need to KnowSafari Technology Preview 240: Key Updates and Bug FixesHow to Identify and Mitigate the Critical GitHub CVE-2026-3854 Remote Code Execution VulnerabilityWhen Personal Crisis Hits: Expert Strategies for Staying Professional at Work5 Exciting Enhancements in the Python VS Code Extension – March 2026