Vulnerability Assessment – DirtyFrag and CopyFail – CompanionLink and DejaCloud Sync

Vulnerability Assessment – DirtyFrag (CVE-2026-43284, CVE-2026-43500) and CopyFail (CVE-2026-31431)

Two related Linux kernel local privilege escalation vulnerabilities, dubbed “CopyFail” and “DirtyFrag,” were publicly disclosed in early May 2026. These vulnerabilities affect the kernel’s cryptographic and network subsystems, and in an unprotected environment could allow an unauthorized local user to gain root access to a Linux server. A proof-of-concept exploit was published shortly after disclosure.

Our servers have been assessed for these vulnerabilities. Our standard security protocols prevent this type of access. The remote paths used by these exploits do not exist in our environment.

DirtyFrag:

• Wiz Blog – DirtyFrag Linux Privilege Escalation
• Tenable FAQ – DirtyFrag
• Help Net Security – DirtyFrag

CopyFail:

• Palo Alto Unit42 – CopyFail
• Tenable FAQ – CopyFail
• Wikipedia – Copy Fail