{"uuid": "a789b2bd-0fac-4065-a29f-f6af98bdbc48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43284", "type": "seen", "source": "https://gist.github.com/klaver/ae3745e2b8551740dc907703a05b1949", "content": "---\n- name: \"Mitigate DirtyFrag (CVE-2026-43284)\"\n hosts: \"all\"\n become: true\n gather_facts: false\n tasks:\n\n - name: \"Prevent esp4 kernel module from being loaded\"\n ansible.builtin.lineinfile:\n path: \"/etc/modprobe.d/mitigate-dirtyfrag.conf\"\n line: \"install esp4 /bin/false\"\n state: \"present\"\n create: true\n mode: \"0644\"\n owner: \"root\"\n group: \"root\"\n\n - name: \"Unload esp4 kernel module\"\n community.general.modprobe:\n name: \"esp4\"\n state: \"absent\"\n persistent: \"absent\"\n notify: \"Reboot if loaded module found\"\n\n - name: \"Prevent esp6 kernel module from being loaded\"\n ansible.builtin.lineinfile:\n path: \"/etc/modprobe.d/mitigate-dirtyfrag.conf\"\n line: \"install esp6 /bin/false\"\n state: \"present\"\n create: true\n mode: \"0644\"\n owner: \"root\"\n group: \"root\"\n\n - name: \"Unload esp6 kernel module\"\n community.general.modprobe:\n name: \"esp6\"\n state: \"absent\"\n persistent: \"absent\"\n notify: \"Reboot if loaded module found\"\n\n - name: \"Prevent rxrpc kernel module from being loaded\"\n ansible.builtin.lineinfile:\n path: \"/etc/modprobe.d/mitigate-dirtyfrag.conf\"\n line: \"install rxrpc /bin/false\"\n state: \"present\"\n create: true\n mode: \"0644\"\n owner: \"root\"\n group: \"root\"\n\n - name: \"Unload rxrpc kernel module\"\n community.general.modprobe:\n name: \"rxrpc\"\n state: \"absent\"\n persistent: \"absent\"\n notify: \"Reboot if loaded module found\"\n\n handlers:\n - name: \"Reboot if loaded module found\"\n ansible.builtin.reboot:\n", "creation_timestamp": "2026-05-08T07:56:06.000000Z"}