Rapidly Emerging Vulnerabilities

CopyFail2 / DirtyFrag Vulnerability

Latest Critical Security Vulnerability – "DirtyFrag" / "CopyFail 2". This is the latest in what researchers expect to be a string of identified vulnerabilities affecting institutional and the public infrastructure running Linux operating system variants. 

This notice captures the most recent of the related vulnerabilities but we expect these to be ongoing with new ones emerging at a rapid pace.

ADVISORIES: https://www.cve.org/CVERecord?id=CVE-2026-43284 ; https://www.cve.org/CVERecord?id=CVE-2026-43284

ISO ADVISORY: View the most up‑to‑date ISO release 

PLATFORMS AFFECTED: Linux kernels distributed from 2017 up to current are likely impacted.

SEVERITY: Urgent

IMPACT: Local Privilege Escalation with published Proof-of-Concept (PoC) code

What's happening

On April 30, 2026, ISO released a critical security vulnerability notification "Critical Security Vulnerability – CopyFail (CVE-2026-31431)". [5] During the afternoon of May 7, 2026, a second local privilege escalation vulnerability with similar impact and ease of exploitation to the CopyFail vulnerability was disclosed. This exploit is putatively termed "DirtyFrag" or "CopyFail 2".

Proof-of-concept (PoC) exploit code enabling a local user to establish root privileges via the subinary was published in parallel with the vulnerability disclosure. This exploit abuses vulnerabilities in the esp4, esp6, and rxrpc kernel modules. The exploits published in this release do not require a chaining of weaknesses in the modules to establish privilege escalation; depending on the configuration of the local Linux environment, either of the esp- or rxrpc-based exploit paths may be viable to establish root privileges.

More information:

The new Claude Mythos Preview AI model has reportedly uncovered and created exploits for thousands of previously unknown, critical, and unpatched vulnerabilities affecting major operating systems. As a result, we are now expecting significant security updates to address these issues.

SCS Computing Facilities (SCSCF) is working in partnership with CMU Computing Services and the Information Security Office (ISO) to identify and prioritize system vulnerability mitigation while we await vendor resolution. 

Systems without CrowdStrike are being prioritized due to reduced visibility into potential exploitation. Systems with CrowdStrike may have additional monitoring coverage in the interim. If you are unsure whether your CMU-owned system has Crowdstrike intalled, contact us for more information.

What you need to do

Systems Enrolled in SCS Software Support

SCSCF is actively remediating supported systems and no action is required from users at this time. 

Self-Managed Systems or Systems Not Enrolled in SCS Software Support

If you manage your own Linux systems, you will find technical guidance below as these exploits are revealed and mitigation is available.

• DirtyFrag / CopyFail2 (CVE-2026-43284): Remediation is available but please read carefully, as this could affect performance or impact software, applications or functionality on your Linux host. 
  • Canonical (vendor) information: 
    • https://ubuntu.com/security/CVE-2026-43500
    • https://ubuntu.com/security/CVE-2026-43284
  • Canonical (vendor) remediation available.
  • RedHat (vendor) Enterprise Linux remediation available.
• CopyFail (CVE-2026-31431): Remediation is available and definitions have been added to security products such as CrowdStrike. 
  • Remediation available.

Need help?

If you have questions about your system’s support status or need assistance, please contact SCS Computing Facilities at 412‑268‑4231, submit a ticket, or email help@cs.cmu.edu.

We will continue to update this news alert as more information becomes available.