Skip to content

Latest commit

 

History

History
38 lines (25 loc) · 840 Bytes

File metadata and controls

38 lines (25 loc) · 840 Bytes

dirtypatch

For machines that cannot be rebooted, this program can be used to check and mitigate the vulnerabilities.

Usage

go build -o dirtypatch cmd/main.go
# since this is a patch, not a exploit, root permission is required
sudo ./dirtypatch

Details

It checks the vulnerabilities and try to mitigate them.

  • copyfail:
    • LKM: it disables the module algif_aead and clears the page cache.
    • builtin: it uses systemtap to patch the kernel.
  • dirtyfrag:
    • it disables the modules esp4, esp6, rxrpc and clears the page cache.
    • builtin not supported yet

Supported Vulnerabilities

  • CVE-2026-31431 "copy fail"
  • "dirty frag"

Related

Copyright

MIT License Copyright (c) 2026 Yun Dou

See LICENSE for details.