Updated 8 May 2026 - 11:00 CEST
EVS has been informed of a recently disclosed Linux kernel vulnerability known as “Dirty Frag”, a local privilege escalation vulnerability affecting multiple Linux kernel versions. Public proof-of-concept (PoC) exploit code is already available.
At this stage, EVS products running on Rocky Linux may be impacted depending on the enabled kernel modules and system configuration. Products not using Rocky Linux are not affected.
The vulnerability could allow a local authenticated attacker to escalate privileges to root under specific conditions.
Only EVS products deployed on Rocky Linux environments are potentially impacted.
Current investigations are ongoing to determine the exact exposure and impacted product versions.
Technical Details
The vulnerability affects specific Linux kernel networking modules, notably:
esp4
esp6
rxrpc
Public exploit code demonstrates that successful exploitation may lead to local privilege escalation (LPE) and full root access on vulnerable systems. According to publicly available information, the issue is related to improper handling of fragmented memory pages in the Linux kernel networking stack.
No official upstream patch is available at the time of publication. Public disclosures indicate that the embargo was broken before coordinated fixes could be released.
As no official patch is currently available, EVS recommends applying temporary mitigations where operationally possible.
The published workaround consists of disabling the following kernel modules:
esp4
esp6
rxrpc
Example mitigation command published by the security community:
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
Please note that this mitigation may impact environments using:
IPsec
RxRPC / AFS services
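To confirm that the workaround is actually in effect on a host, the following added example (not EVS or upstream code) checks that esp4, esp6 and rxrpc are neither loaded nor loadable. The function names and the `--audit` flag are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a host for the module-disable workaround described above.
# File locations are parameters so the checks can run on constructed input.

MODULES="esp4 esp6 rxrpc"

# is_loaded MODULE [MODULES_FILE]: succeeds if MODULE is currently loaded.
is_loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' \
        "${2:-/proc/modules}" 2>/dev/null
}

# is_blocked MODULE [CONF_DIR]: succeeds if an "install MODULE /bin/false"
# (or /bin/true) rule exists. A "blacklist" line is not counted: it only
# suppresses alias-based autoloading, not an explicit modprobe.
is_blocked() {
    conf_dir="${2:-/etc/modprobe.d}"
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        awk -v m="$1" '
            $1 == "install" && $2 == m &&
                ($3 == "/bin/false" || $3 == "/bin/true") { hit = 1 }
            END { exit !hit }' "$f" && return 0
    done
    return 1
}

# audit_host [MODULES_FILE] [CONF_DIR]: prints one line per module and
# succeeds only if every module is both unloaded and blocked.
audit_host() {
    a_proc="${1:-/proc/modules}"; a_dir="${2:-/etc/modprobe.d}"; rc=0
    for mod in $MODULES; do
        loaded=no; blocked=no
        is_loaded "$mod" "$a_proc" && loaded=yes
        is_blocked "$mod" "$a_dir" && blocked=yes
        [ "$loaded" = no ] && [ "$blocked" = yes ] || rc=1
        echo "$mod loaded=$loaded blocked=$blocked"
    done
    return "$rc"
}

# "--audit" is this example's own flag: run against the live system.
if [ "${1:-}" = "--audit" ]; then audit_host; exit $?; fi
```

Only `/etc/modprobe.d` is inspected by default; pass a different directory as the second argument to `audit_host` to check other configuration locations.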
EVS recommends that customers:
Restrict local shell access to trusted administrators only
Monitor systems for suspicious privilege escalation activity
Apply the proposed mitigations when compatible with operational constraints
Follow future EVS communications regarding official patches and validated remediation actions
EVS Product Security teams are actively monitoring the situation and evaluating impacted products.
This advisory will be updated as additional information, patches or validated mitigations become available.
| Product | Version | Status | Patched Version |
|---|---|---|---|
| Cerebrum | All | Not vulnerable | |
| IPDirector | All | Not vulnerable | |
| IPWeb API Services | All | Not vulnerable | |
| XPlore | All | Not vulnerable | |
| Xedio | All | Not vulnerable | |
| C-Cast | All | Not vulnerable | |
| MAD | All | Not vulnerable | |
| XTAccess | All | Not vulnerable | |
| XViewer | All | Not vulnerable | |
| VIA XSquare | All | Not vulnerable | |
| XFile3 | All | Not vulnerable | |
| XNetMonitor / XNetWebMonitor | All | Not vulnerable | |
| Move I/O / Move UP | All | Not vulnerable | |
| C-NEXT | All | Not vulnerable | |
| Ingest Funnel | All | Not vulnerable | |
| MultiReview | All | Not vulnerable | |
| Truck Manager | All | Not vulnerable | |

| Product | Version | Status | Patched version |
|---|---|---|---|
| Neuron | All | Under investigation | |
| Synapse | All | Under investigation | |
| VIA MAP | All | Under investigation | |
| IPWeb Streaming Server | All | Under investigation | |
| MediaHub | All | Under investigation | |
| XT / Multicam | All | Under investigation | |
| XHub-VIA | All | Under investigation | |
| XS-NEO | All | Under investigation | |
| XR-NEO | All | Under investigation | |
| Xeebra | All | Under investigation | |
| LSG | All | Under investigation | |
| LSM-VIA | All | Under investigation | |
| XtraMotion | All | Under investigation | |
| DYVI | | Under investigation | |
| Ingest Funnel | | Under investigation | |