/
CVE-2026-43284 and CVE-2026-43500: DirtyFrag / Copyfail2 Privilege Escalation Vulnerabilities in Barracuda CloudGen Access Virtual Appliance

CVE-2026-43284 and CVE-2026-43500: DirtyFrag / Copyfail2 Privilege Escalation Vulnerabilities in Barracuda CloudGen Access Virtual Appliance

Published: 2026-05-08
Affected Product: Barracuda CloudGen Access Virtual Appliance v1.1.0 and earlier (Ubuntu-based OVA)

Summary

Two related local privilege escalation vulnerabilities, collectively dubbed "DirtyFrag" / "Copyfail2", have been disclosed in the Linux kernel.

  • CVE-2026-43284 and CVE-2026-43500 are a pair of chained vulnerabilities that together create a high-severity local privilege escalation vulnerability in the Linux kernel.

These vulnerabilities allow any local user to gain root with high reliability. The affected kernel modules are auto-loaded on socket creation, so simply opening the relevant socket family from userspace is sufficient to bring the vulnerable code into the running kernel.

All Barracuda CloudGen Access virtual Appliance deployments v1.1.0 and earlier running on the Ubuntu-based OVA image are affected.

Impact

An attacker with local access to the virtual appliance, or who achieves code execution through a service running on the virtual appliance, can escalate to root privileges. This could allow complete
compromise of the CGA virtual appliance, including access to proxy and connector configurations, certificates, and network traffic.

Both exploits depend on the vulnerable modules being resident in the kernel. Because neither IPsec ESP nor AF_RXRPC is used by any CGA component, blocking module load eliminates the attack
surface entirely.

Affected Versions

Barracuda CloudGen Access virtual appliance v1.1.0 and earlier (Ubuntu-based OVA).

Required Action

Module Blocklist

Block the vulnerable modules from loading. Run the following as root:

#Create modprobe blocklist configuration sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf" #Unload modules if currently loaded sudo rmmod esp4 esp6 rxrpc 2>/dev/null || true

The first command writes a modprobe configuration that causes any future load attempt for esp4, esp6, or rxrpc to be redirected to /bin/false, preventing auto-load when a userspace process opens
the corresponding socket family. The second command unloads the modules if they are currently resident in the kernel.

Reboot may be required.

Impact of Mitigation

Blocking the esp4, esp6, and rxrpc modules do not affect:

  • CGA proxy or connector services

  • SSH, TLS, or VPN functionality used by CGA (CGA does not use kernel IPsec)

  • dm-crypt/LUKS disk encryption

  • Any standard cryptographic operations on the virtual appliance

Verification

After applying remediation:

#Confirm the blocklist file is in place cat /etc/modprobe.d/dirtyfrag.conf #Expected output: #install esp4 /bin/false #install esp6 /bin/false #install rxrpc /bin/false #Confirm vulnerable modules are not loaded lsmod | grep -E 'esp4|esp6|rxrpc' #Expected: no output #Confirm modules cannot be auto-loaded modprobe -n -v esp4 modprobe -n -v esp6 modprobe -n -v rxrpc #Expected: each command prints "install /bin/false" #Check kernel version uname -r

Security Testing

Do NOT run public proof-of-concept exploits in production environments. Use test or staging environments to validate that remediation was applied correctly.

Contact

For questions regarding this advisory, contact Barracuda Networks Technical Support.

This advisory will be updated as additional information becomes available.

We value your feedback.
If you have questions, suggestions, or feedback on our documentation, contact the Campus Product Documentation team.
For general product inquiries or technical support, please contact the global Barracuda Support team.