
Security Patches for "Copy Fail" and "Copy Fail 2 Dirtyfrag" Vulnerabilities

In the past week, two significant Linux kernel vulnerabilities, collectively known as Copy Fail and Copy Fail 2 Dirtyfrag, have been identified. Both flaws concern how the kernel handles memory and cache, posing a risk especially for multi-user systems and containerized environments.

What is it about?

Both vulnerabilities stem from logic errors in the Linux kernel that have been appearing in systems incrementally since 2017.

  • Common Risk: Both flaws allow a local attacker to escalate privileges to the root level, gaining full control over the system.
  • Differing Exploits: The two vulnerabilities differ mainly in their published exploits. The first exploit demonstrates a path that modifies the su binary, while the second attacks by manipulating the /etc/passwd system file.

The impact is critical for:

  • HPC Nodes: Where multiple users run tasks on a single machine.
  • Containers & Cloud: Since the page cache is shared across the entire system, an attacker in one container can affect the entire host machine.

Current Status in MetaCentrum

Our administrators have taken immediate action to address the situation:

  • Managed Machines (HPC, OpenStack Cloud, Kubernetes): All servers directly managed by MetaCentrum (front-end nodes, computing nodes, storage servers) have already been updated and rebooted. These systems are secure, and no action is required on your part.
  • User-Managed Servers (OpenStack and VMware): If you operate your own instances in the cloud (OpenStack) or virtual servers in VMware where you have administrative (root) access, you must patch these machines yourself.

URGENT: MetaCentrum administrators do not have access to your private cloud instances. Please perform a kernel update and system reboot as soon as possible.

Links to common Linux distributions:


Ivana Křenková, Mon May 11 21:40:00 CEST 2026