Yeah I am confused too, Should we not put in the one-line-special mitigation? i.e.
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
If the modules ESP4, ESP6 and RXRPC are not currently loaded and if the one-line-special vulnerability blockage is introduced then it does require a reboot of the system to take effect.
Please refer to https://github.com/V4bel/dirtyfrag/issues/1
From the discussion
Sorry for the cross-post.
Still waiting on response from @joekamprad.
The latest stable 7.0.5.1-arch1-1 currently in testing comes with the
NOT! test the vulnerability, it could cause exactly what it says.
And i said not run the One-line special ! 
and best approach is to boot on LTS for the time till the fixed main kernel is reaching repos.
You can use the fix they offer there if you want to.
It is basically making the modules non loadable and unloading them right away. But this is mentione under Mitigation:
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; echo 3 > /proc/sys/vm/drop_caches; true"
/etc/modprobe.d/dirtyfrag.conf
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
If something tries to load one of the modules per example esp4 instead of doing so, it runs the /bin/false command instead of loading the driver/module
- /bin/false: A command that immediately exits with a āfailureā status.
- Result: The kernel thinks the module failed to load and stops. The driver is never initialized in memory.
I wonder why they didnāt use the blacklist function, the file would contain :
blacklist esp4
blacklist esp6
blacklist rxrpc
Yeah me wondering the same. blacklist also should have been used. Let us wait for some experts to chime in on this.
blacklist prevents the module from loading automatically (e.g., during hardware detection), but it can still be loaded manually or by another module that needs it as a dependency.
like the exploit itself does.
Will it be possible to add this vulnerability to the news section of pacman for EOS?
possible yes.. but it will be fixed any time soon anyway.
The Arch forums have no mention about dirty-frag as on right now. Ditto for Cachy-OS. The Manjaro forum also has a pretty good initial post but not that much discussion on this.
The Debian news section has no mention of this. Nor is this being discussed on Debian Forums. Cant say about the Debian mailing list though.
All in all we are perhaps the most active community on this.
seems correct, could be a cultural thing too
wdym?
Ah, I thought by One-line special you meant the one line fix/ workaround. Was wondering why I shouldnāt apply that. Thanks for clarifying!
So the fix is coming with the kernel 7.0.5 ? Iām on Linux 7.0.3-arch1-2, it would be with the next update?
the fixed main kernel is still hanging in testing..
Looks like 7.0.5 has been released finally, if thatās the fixed one 
7.0.5 is ready to update
The kernel 7.0.5 is the one with the fix for it, so update your systemsā¦
12 Likes
Already installed and rebooted ā¦ 