Updates to fix current security issues of the Linux kernel (DirtyFrag, Fragnesia, etc.) [regularly updated topic; follow posts]

Just an update. The fixes for DirtyFrag are pushing to stable right now. For Fedora 42, this is the 6.19.14-101 kernel. For Fedora 44 and Fedora 43, these are in the 7.0.4 kernel. There will be no 7.0.5 as it only contains a single patch which is already included in our 7.0.4 updates.

As this is a rebase kernel for Fedora 44 and Fedora 43, I have also started “official” builds of the F42 update against F43 and F44. This gives users an option should there be a regression in 7.0.4 which makes it unusable on your system. These builds will be secure boot signed.

F44 build: (link)
F43 build: (link)

Thanks,
Justin


Supplement by moderation:

(Thanks again Justin :classic_smiley: )


For further updates, see below!!!

22 Likes

Works fine here with nvidia.

$ inxi -GS
System:
  Host: leigh-pc Kernel: 7.0.4-200.fc44.x86_64 arch: x86_64 bits: 64
  Console: pty pts/3 Distro: Fedora Linux 44 (Cinnamon)
Graphics:
  Device-1: NVIDIA GA107 [GeForce RTX 3050 6GB] driver: nvidia v: 595.71.05
  Display: unspecified server: X.org v: 1.21.1.22 with: Xwayland v: 24.1.11
    driver: X: loaded: nvidia unloaded: modesetting,nouveau

1 Like

System Details Report


Report details

  • Date generated: 2026-05-09 11:17:31

Hardware Information:

  • Hardware Model: AZW U59
  • Memory: 16.0 GiB
  • Processor: Intel® Celeron® N5105 × 4
  • Graphics: Intel® UHD Graphics (JSL)
  • Disk Capacity: 512.1 GB

Software Information:

  • Firmware Version: JTKT001
  • OS Name: Fedora Linux 44 (Workstation Edition)
  • OS Build: (null)
  • OS Type: 64-bit
  • GNOME Version: 50
  • Windowing System: Wayland
  • Kernel Version: Linux 7.0.4-200.fc44.x86_64

I pinned this globally until Monday, as there was a lot of interest in this.


For the users, the update that fixes DirtyFrag is in your daily updates. In case of doubt, just do sudo dnf update --refresh (all updates) or sudo dnf update --security --refresh (only security updates; the fixed kernel will be contained) :classic_smiley:

Thanks Justin !!

3 Likes

I thought I read that 7.0.4 was only a partial fix, but I don’t see 7.0.6 building in Koji yet.
The 7.0.6 announcement was Monday morning US time, so around 36-ish hours or more. I thought new kernels, especially if they had a security fix, hit the koji server pretty quickly.

The patch of the official kernel 7.0.6 upstream (7.0.6 contains only one patch) seems to be already contained in our Fedora 7.0.4 build: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

See & compare the changelogs of …

https://cdn.kernel.org/pub/linux/kernel/v7.x/ChangeLog-7.0.6 &
the changelog of the Fedora 7.0.4 build (link)

So it seems we have no need for 7.0.6 :classic_smiley:

1 Like

Before the question comes up: there is already the next one: pocs/fragnesia at main · v12-security/pocs · GitHub

… and the fix "skbuff: preserve shared-frag marker during coalescing" (and some other patches), which are upstream, are currently being backported to 7.0.6 with a new build for the community. Soon in testing and then in your daily updates.

Thanks again Justin :classic_smiley:

3 Likes

Great, I didn’t realize that the patch was already known or available by the time the Fedora 7.0.4 build started.

Ah man, not again.

Update: Fragnesia-fixed kernel is ready. It is in your daily updates. If you want to be sure to have it immediately, do sudo dnf update --security and then reboot!

This applies to both F43 and F44!

2 Likes

7.0.8 enters testing → (link)

The kernel has an additional patch for fragnesia that is not in the upstream 7.0.8 → (link)

ssh-keysign-pwn is already covered by 7.0.8 itself.

The advice for users is as usual: do your daily updates. If you feel you have a very security sensitive use case, feel free to do it bi-daily but with at least 6 hours in between both updates.

In case of doubt: sudo dnf update --security covers security-relevant updates, including kernel.

Keep in mind that after kernel updates, you need to reboot to use the new kernel!

4 Likes
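Since the advice above only takes effect once the machine is actually running the updated kernel, here is an added example (not from this thread and not Fedora tooling) that compares Fedora kernel version strings such as 7.0.8-200.fc44.x86_64 field by field and reports whether a newer kernel-core is installed than the one `uname -r` reports. It assumes rpm and uname are available and that, as on Fedora, kernel-core's VERSION-RELEASE.ARCH matches the running kernel string.

```shell
#!/bin/sh
# Added example, not from this thread: report whether the running kernel is
# older than the newest installed kernel-core package, i.e. a reboot is still
# pending after "sudo dnf update --security". Assumes Fedora's rpm/uname layout.

# Compare two Fedora kernel strings such as 7.0.8-200.fc44.x86_64.
# Prints 1 if $1 is newer than $2, 0 if equal, -1 if older.
# The ".fcNN.arch" tail is dropped; the rest is compared numerically per field.
kver_cmp() {
    a=$(printf '%s' "$1" | sed -e 's/\.fc[0-9].*$//' -e 's/[.-]/ /g')
    b=$(printf '%s' "$2" | sed -e 's/\.fc[0-9].*$//' -e 's/[.-]/ /g')
    i=1
    while :; do
        x=$(printf '%s\n' "$a" | cut -d' ' -f"$i")
        y=$(printf '%s\n' "$b" | cut -d' ' -f"$i")
        if [ -z "$x" ] && [ -z "$y" ]; then echo 0; return 0; fi
        x=${x:-0}; y=${y:-0}                  # a missing field counts as 0
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        i=$((i + 1))
    done
}

# Newest installed kernel-core as VERSION-RELEASE.ARCH; fails if rpm cannot answer.
newest_installed() {
    list=$(rpm -q kernel-core --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' 2>/dev/null) || return 1
    best=""
    for k in $list; do
        if [ -z "$best" ] || [ "$(kver_cmp "$k" "$best")" = 1 ]; then best=$k; fi
    done
    printf '%s\n' "$best"
}

# Succeeds (exit 0) when an installed kernel is newer than the running one.
reboot_needed() {
    newest=$(newest_installed) || return 1
    [ "$(kver_cmp "$newest" "$(uname -r)")" = 1 ]
}

if command -v rpm >/dev/null 2>&1; then
    if reboot_needed; then
        echo "reboot pending: running $(uname -r), newest installed $(newest_installed)"
    else
        echo "running kernel $(uname -r) is the newest installed (or no kernel-core found)"
    fi
fi
```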

Well, 7.0.8 (not 6.0.8), but otherwise, another day, another new kernel (and thanks to Fedora team for getting these out quickly).

3 Likes

Sorry, my bad! Updated… :classic_smiley:

1 Like

Is it just me or is this not fully fixed on the latest F44 kernel? With the exploit from pocs/fragnesia-5db89c99566fc at main · v12-security/pocs · GitHub

user@srv01:~/workspace/pocs/fragnesia-5db89c99566fc$ uname -a
Linux srv01 7.0.8-200.fc44.x86_64 #1 SMP PREEMPT_DYNAMIC Fri May 15 14:03:46 UTC 2026 x86_64 GNU/Linux
user@srv01:~/workspace/pocs/fragnesia-5db89c99566fc$ ./skb_segment_exploit
[*] uid=1000 euid=1000 gid=1000 egid=1000
[*] target=/usr/bin/su size=57184
[*] outer_write_open_denied=1 errno=13 (Permission denied)
[*] backup: /tmp/.su_6043
[+] topology ready: sender_pid=6046 receiver_pid=6047
[+] XFRM ESP-in-TCP SA installed
[*] userns_write_open_denied=1 errno=13 (Permission denied)
[*] overwriting 120 bytes of page cache...
[*] range: offset=0x0 len=120 last=0x77 enc_len=4080 splice_len=4096
[+] stream0 table built
[-] [1/120] +0000 already=7f skip
<...>
*] [120/120] +0077  03 -> 05  xor=06 seq=96
[+] smashed 03 -> 05  index=119 offset=+0077
[*] verifying 120 bytes...
[*] summary: len=120 changed=96 skipped=24
[+] BUG: overwrote read-only page-cache bytes
[+] page cache corrupted, launching /usr/bin/su
[*] restore: cp /tmp/.su_6043 /usr/bin/su
[root@srv01 fragnesia-5db89c99566fc]#

Fragnesia is not fixed at all upstream because every time a patch is posted, people find another exploitable code path. 7.0.8 had the v4 patch for it. 7.0.9-102 building now has the v5 patch. So yes, when 7.0.8 was built, it did have full coverage of what was known at the time. But no, it does not cover everything we know now.

5 Likes

With 7.0.9-202.fc44.x86_64 the same exploit still works :weary_face:

1 Like

We are already at 7.0.9-204 (link)

Feel free to contribute to testing. Things are quite quick at the moment. The more people help to test, the quicker we can ship all security updates to users.

2 Likes