[OpenAFS] dirtyflag vulnerability and OpenAFS

Jeffrey E Altman jaltman at auristor.com
Fri May 8 04:32:33 PDT 2026 

[Apologies for the duplicate transmission but some of the recipients 
only accept plain text[


Hello Matteo,


OpenAFS does not use the Linux rxrpc module for its network 
communications.  Instead it embeds its own Rx RPC implementation within 
the openafs.ko module.


Linux AFS (kafs) on the other hand relies upon the rxrpc.ko module for 
its network communications.


The mailing list for discussion of Linux AFS and Rx RPC is 
linux-afs at lists.infradead.org.


I've cc'd this message to that list as well as adding the rxrpc.ko 
maintainers.


Jeffrey Altman


On 5/8/2026 4:33 AM, Matteo Fois wrote:
> Good Morning,
> I'm a researcher at ENEA (Italy) and we use the OpenAFS filesystem 
> extensively in our facilities.
> This morning we discovered the dirtyflags vulnerability 
> (https://github.com/V4bel/dirtyfrag 
> <https://github.com/V4bel/dirtyfrag>) and quicky patched our machines.
>
> The patch works by blacklisting and removing the following kernel 
> modules: esp4 esp6 rxrpc
> The last module rxrpc we understand that it's used by OpenAFS 
> (https://docs.kernel.org/networking/rxrpc.html)
>
> We are able to use the filesystem and it seems to be working properly 
> after the patch, but we were wondering if there are more subtle side 
> effects, for example in performance.
> Also we were curious to know what happens if one uses the kafs kernel 
> module instead of the OpenAFS client, does the blacklisted module 
> create any problem?
>
> Thanks,
>
> Matteo
>
>
>
> ------------------------------------------------------------------------
>
> Questo messaggio e i suoi allegati sono indirizzati esclusivamente 
> alle persone indicate e la casella di posta elettronica da cui è stata 
> inviata è da qualificarsi quale strumento aziendale.
>
> La diffusione, copia o qualsiasi altra azione derivante dalla 
> conoscenza di queste informazioni sono rigorosamente vietate (art. 616 
> c.p, D.Lgs. n. 196/2003 s.m.i. e GDPR Regolamento - UE 2016/679).
>
> Qualora abbiate ricevuto questo documento per errore siete 
> cortesemente pregati di darne immediata comunicazione al mittente e di 
> provvedere alla sua distruzione. Grazie.
>
> This e-mail and any attachments is confidential and may contain 
> privileged information intended for the addressee(s) only.
>
> Dissemination, copying, printing or use by anybody else is 
> unauthorised (art. 616 c.p, D.Lgs. n. 196/2003 and subsequent 
> amendments and GDPR UE 2016/679).
>
> If you are not the intended recipient, please delete this message and 
> any attachments and advise the sender by return e -mail. Thanks.
>
> ------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4467 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.infradead.org/pipermail/linux-afs/attachments/20260508/750d30d2/attachment-0001.p7s>

More information about the linux-afs mailing list