On 7 May 2026 a high-severity Linux kernel vulnerability chain, known as Dirty Frag (CVE-2026-43284 and CVE-2026-43500, CVSS 7.8), was publicly disclosed. The flaw chains a page-cache write primitive in the IPsec ESP subsystem (esp4 / esp6) with a second one in the rxrpc module, allowing any unprivileged local user to escalate privileges to root. A working exploit is publicly available and reliably yields root in a single command on every mainstream Linux distribution shipped since 2017, including Debian, Ubuntu, RHEL, AlmaLinux, Rocky, SUSE, Fedora and Arch.
Dirty Frag is the direct successor to Copy Fail (CVE-2026-31431) and is also referred to as "Copy Fail 2". The fix and mitigations applied for Copy Fail do not protect against Dirty Frag, so a separate kernel update is required.
What we have done
Over the past 48 hours we have patched the entire MMITech infrastructure. All hypervisors, internal servers and platform components are now running fixed kernels.
Customers who have a management agreement with us for their Linux VPS or dedicated server have already been upgraded by our engineers. No action is required on your part. Given the severity of this vulnerability and the public availability of a working exploit, we proceeded with the kernel update and reboot without prior individual notice.
What you need to do
If you run a Linux server with us without a management agreement (unmanaged VPS or dedicated server), please update the kernel and reboot as soon as possible. This applies to every Linux distribution, no exceptions.
Typical update commands:
- Debian / Ubuntu:
apt update && apt full-upgrade && reboot - RHEL / AlmaLinux / Rocky / Fedora:
dnf upgrade --refresh && reboot
Need help?
If you are not comfortable performing the upgrade yourself, please open a support ticket and our team will assist you.
