From 34698b18651016572af22147a9cda0464828b755 Mon Sep 17 00:00:00 2001
From: David Mendez <david.mendez@delphix.com>
Date: Mon, 11 May 2026 12:44:14 -0700
Subject: [PATCH] DLPX-97202 Add esp4/esp6/rxrpc modprobe disable to
 delphix-platform for CVE-2026-43500 (dirty frag)

PR URL: https://www.github.com/delphix/delphix-platform/pull/560
---
 files/common/etc/modprobe.d/dirty-frag.conf | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 files/common/etc/modprobe.d/dirty-frag.conf

diff --git a/files/common/etc/modprobe.d/dirty-frag.conf b/files/common/etc/modprobe.d/dirty-frag.conf
new file mode 100644
index 000000000..0a22210f8
--- /dev/null
+++ b/files/common/etc/modprobe.d/dirty-frag.conf
@@ -0,0 +1,7 @@
+# Disable esp4, esp6, rxrpc modules due to CVE-2026-43500 (dirty frag)
+# This will likely be re-enabled in a subsequent update once an updated
+# kernel has been deployed.
+# Blacklisting the module isn't sufficient, we need to do as below:
+install esp4 /bin/false
+install esp6 /bin/false
+install rxrpc /bin/false
\ No newline at end of file