Copy Fail is documented in VSA-2026-013, we don't have one for Dirty Frag yet as we're still investigating XCP-ng side regarding it. For XOA, unattended updates should have installed the patched debian kernel, you just need to reboot it. Debian security tracker states they are both fixed: https://security-tracker.debian.org/tracker/CVE-2026-31431 https://security-tracker.debian.org/tracker/CVE-2026-43284

@afk I’ve got two draft nixpkgs for libvhdi and Xen orchestra from sources respectively, I’ll look into submitting them upstream soon but take a look and feel free to share any feedback xen-orchestra-ce libvhdi.

@AlexanderK said: which is the difference with this? https://github.com/ronivay/XenOrchestraInstallerUpdater Using the above around 5-6 years with no issues at all e.g. XenOrchestraInstallerUpdater does not support Debian 13 yet.

@acebmxer My take on those links: Nested virt is not currently supported by XCP-ng or Vates, but XCP-ng is committed to support nested virt at some time in the future.