<![CDATA[XOA vulnerabilty to "copy fail" and "dirty frag" bug]]>There is currently a lot of discussion about the "Copy Fail" vulnerability and the "Dirty Frag" vulnerability.

Copy Fail: https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html
Dirty Frag: https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html

Are the XOA appliance (which is based on Debian 12) and XCP-ng vulnerable to these issues?

Should we take any additional mitigation measures?

From what I understand, most Linux distributions already provide a kernel patch for the Copy Fail vulnerability. However, at the time of writing, patches for Dirty Frag do not yet seem to be widely available.

]]>https://xcp-ng.org/forum/topic/12204/xoa-vulnerabilty-to-copy-fail-and-dirty-frag-bugRSS for NodeSat, 09 May 2026 12:58:08 GMTSat, 09 May 2026 10:49:46 GMT60<![CDATA[Reply to XOA vulnerabilty to "copy fail" and "dirty frag" bug on Sat, 09 May 2026 11:30:46 GMT]]>Copy Fail is documented in VSA-2026-013, we don't have one for Dirty Frag yet as we're still investigating XCP-ng side regarding it.

For XOA, unattended updates should have installed the patched debian kernel, you just need to reboot it.

Debian security tracker states they are both fixed:

]]>https://xcp-ng.org/forum/post/105237https://xcp-ng.org/forum/post/105237Sat, 09 May 2026 11:30:46 GMT