XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    XOA vulnerabilty to "copy fail" and "dirty frag" bug

    Scheduled Pinned Locked Moved XCP-ng
    2 Posts 2 Posters 13 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • rvreugdeR Offline
      rvreugde
      last edited by rvreugde

      There is currently a lot of discussion about the "Copy Fail" vulnerability and the "Dirty Frag" vulnerability.

      Copy Fail: https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html
      Dirty Frag: https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html

      Are the XOA appliance (which is based on Debian 12) and XCP-ng vulnerable to these issues?

      Should we take any additional mitigation measures?

      From what I understand, most Linux distributions already provide a kernel patch for the Copy Fail vulnerability. However, at the time of writing, patches for Dirty Frag do not yet seem to be widely available.

      1 Reply Last reply Reply Quote 0
      • bleaderB Offline
        bleader Vates 🪐 XCP-ng Team
        last edited by

        Copy Fail is documented in VSA-2026-013, we don't have one for Dirty Frag yet as we're still investigating XCP-ng side regarding it.

        For XOA, unattended updates should have installed the patched debian kernel, you just need to reboot it.

        Debian security tracker states they are both fixed:

        • https://security-tracker.debian.org/tracker/CVE-2026-31431
        • https://security-tracker.debian.org/tracker/CVE-2026-43284
        1 Reply Last reply Reply Quote 0

        Hello! It looks like you're interested in this conversation, but you don't have an account yet.

        Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

        With your input, this post could be even better 💗

        Register Login
        • First post
          Last post