Ubuntu 24.04 Dirty Frag kernel fix

Dirty Frag fix for IPsec

If you have IPsec running and want to fix this CVE, you can rebuild the ipv4 and ipv6 kernel modules from patched source.

Steps

  1. uname -r && lsb_release -a
  2. apt install -y linux-headers-$(uname -r) build-essential linux-source flex bison openssl libssl-dev dkms libelf-dev libudev-dev libpci-dev libiberty-dev autoconf
  3. cd /usr/src/
  4. tar -xf linux-source-*.tar.bz2
  5. cd linux-source-*/
  6. cp /boot/config-`uname -r` .config
  7. cp /usr/src/linux-headers-$(uname -r)/Module.symvers .
  8. make -j$(nproc) olddefconfig
  9. make -j$(nproc) prepare
  10. make -j$(nproc) modules_prepare
  11. curl -fsSL https://github.com/torvalds/linux/commit/f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4.diff | patch -p1
  12. make -j$(nproc) M=net/ipv4 modules
  13. make -j$(nproc) M=net/ipv6 modules
  14. find -iname "*.ko" | xargs -I {} zstd {} -f -o /lib/modules/$(uname -r)/kernel/{}.zst
  15. depmod -a
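
Step 11 pipes the download straight into patch, and steps 12 and 13 rebuild only two directories. The script below is an added example, not part of the original post: it checks that a saved patch file really is a git diff and lists any files it changes outside net/ipv4 and net/ipv6. The function names and the sample diff (with made-up file names) are constructed for illustration.

```sh
# Added example: vet a patch file before `patch -p1` when only the
# net/ipv4 and net/ipv6 modules are rebuilt (steps 12 and 13).
REBUILT_DIRS="net/ipv4 net/ipv6"

# List every file a git-format diff touches (adds, edits, deletions).
patch_files() {
    sed -n 's|^diff --git a/.* b/\(.*\)$|\1|p' "$1" | sort -u
}

# List touched files outside REBUILT_DIRS; no output means full coverage.
uncovered_files() {
    patch_files "$1" | while IFS= read -r vp_file; do
        vp_covered=no
        for vp_dir in $REBUILT_DIRS; do
            case "$vp_file" in "$vp_dir"/*) vp_covered=yes ;; esac
        done
        [ "$vp_covered" = yes ] || printf '%s\n' "$vp_file"
    done
}

# Returns 0 = covered, 1 = touches other code, 2 = not a diff (e.g. HTML).
vet_patch() {
    grep -q '^diff --git ' "$1" || { echo "not a git diff: $1" >&2; return 2; }
    vp_out=$(uncovered_files "$1")
    [ -z "$vp_out" ] && return 0
    echo "files changed outside $REBUILT_DIRS:" >&2
    echo "$vp_out" | sed 's/^/  /' >&2
    return 1
}

# Constructed sample diff; file names are made up, not the real commit's.
sample_diff() {
    cat <<'EOF'
diff --git a/net/ipv4/example4.c b/net/ipv4/example4.c
--- a/net/ipv4/example4.c
+++ b/net/ipv4/example4.c
@@ -1 +1 @@
-old
+new
diff --git a/net/core/example.c b/net/core/example.c
--- a/net/core/example.c
+++ b/net/core/example.c
@@ -1 +1 @@
-old
+new
EOF
}
# Demo on the constructed sample: reports net/core/example.c, status 1.
t=$(mktemp) && sample_diff >"$t" && { vet_patch "$t" || echo "status $?"; }; rm -f "$t"
```

A clean result by directory is necessary but not sufficient: code in those directories that the running kernel has built in (=y in .config) is not replaced by installing .ko files.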

Outro

Hopefully Ubuntu & Debian will fix it soon.