---
title: "DirtyFrag CVE-2026-43284/43500 Mitigation"
description: "DirtyFrag Linux kernel local privilege escalation mitigation demo showing agentsh blocking AF_RXRPC and NETLINK_XFRM gateway sockets while preserving normal netlink."
doc_version: "1.0"
last_updated: "2026-05-18"
canonical: "https://www.agentsh.org/mitigations/demo-cve-2026-43284/"
---

# DirtyFrag CVE-2026-43284 / CVE-2026-43500 Mitigation

## Overview

This mitigation demo shows agentsh blocking DirtyFrag setup paths involving IPsec and RxRPC gateway sockets. The vulnerable run exposes kernel socket surfaces; the protected run blocks those setup calls while preserving normal network behavior.

## Mitigation

The mitigation uses socket rules for AF_NETLINK with NETLINK_XFRM and for AF_RXRPC. These rules can be enabled directly or through the built-in DirtyFrag conservative mitigation set.

## Sitemap

- [Canonical HTML](https://www.agentsh.org/mitigations/demo-cve-2026-43284/)
- [Site map](https://www.agentsh.org/sitemap.md)
- [Full documentation](https://www.agentsh.org/llms-full.md)