Security

Linux Kernel Local Privilege Escalation Vulnerabilities (Dirty Frag / CopyFail2)

 

Summary

Barracuda is aware of a newly disclosed Linux kernel local privilege escalation vulnerability chain – dubbed “Dirty Frag” or “CopyFail2” – assigned CVE-2026-43284 and CVE-2026-43500. These vulnerabilities may allow an attacker with local access to a vulnerable Linux system to escalate privileges to root by abusing flaws in specific kernel networking subsystems. 

Barracuda has assessed the applicability of these vulnerabilities to our appliances and products. 

Impact on Barracuda Products 

Barracuda is actively deploying patches to all affected systems, including both physical and virtual appliances, to address these vulnerabilities and ensure continued security and protection for our customers. Where applicable and appropriate, the affected kernel modules will be removed and prevented from loading, further hardening Barracuda products against future vulnerabilities. 

Recommended Action

If self-hosting an appliance, apply the available patch/hotfix to ensure the kernel modules esp4, esp6 and rxrpc are blocked from being loaded. 

Where to Get the Patch 

Patches and hotfixes for this advisory are available through Barracuda support and update channels for your specific appliance or software version. 

References