Linux Kernel Vulnerabilities: CopyFail and CopyFail2
Summary of known issues, affected systems, and available remediation
This notice captures the most recent vulnerabilities, but we expect new ones to keep emerging at a rapid pace. You can learn more on the CMU Computing Services website:
https://www.cmu.edu/computing/news/2026/discoverying_vulnerabilities.html.
Overview
Two Linux kernel vulnerabilities were identified that affect systems released from 2017 through current distributions. These vulnerabilities are CopyFail (CVE-2026-31431) and DirtyFrag/CopyFail2 (CVE-2026-43284). Both allow a local user to escalate privileges to root, and public proof-of-concept exploit code is available.
The new Claude Mythos Preview AI model has reportedly uncovered and created exploits for thousands of previously unknown, critical, and unpatched vulnerabilities affecting major operating systems. As a result, we are now expecting significant security updates to address these issues.
SCS Computing Facilities (SCSCF) is working in partnership with CMU Computing Services and the Information Security Office (ISO) to identify and prioritize system vulnerability mitigation.
Timeline of Events
- April 30, 2026: CopyFail (CVE-2026-31431) is disclosed.
- May 7, 2026: DirtyFrag / CopyFail2 (CVE-2026-43284) is disclosed.
- Ongoing: Vendors continue releasing patches and guidance; SCS Computing will update remediation guidance as new information becomes available.
What You Need to Do
Systems Enrolled in SCS Software Support
SCS Computing is actively remediating supported systems and no action is required from users at this time.
Self-Managed Systems or Systems Not Enrolled in SCS Software Support
If you manage your own Linux systems, you will find technical guidance below:
- DirtyFrag / CopyFail2 (CVE-2026-43284): Remediation is available, but please read the guidance carefully, as the remediation could affect performance or impact software, applications, or functionality on your Linux host.
- CopyFail (CVE-2026-31431): Remediation is available and definitions have been added to security products such as CrowdStrike.
Additional Resources
- CVE Records:
- ISO Advisory: View the CopyFail release
Need help?
If you have questions about your system’s support status or need assistance, please contact SCS Computing Facilities at 412‑268‑4231, submit a ticket, or email help@cs.cmu.edu.
We will continue to update this news alert as more information becomes available.