Patreon Logo Support us on Patreon to keep GamingOnLinux alive. This ensures all of our main content remains free for everyone. Just good, fresh content! Alternatively, you can donate through PayPal Logo PayPal. You can also buy games using our partner links for GOG and Humble Store.
We use affiliate links to earn us some pennies. Learn more.

Linux security flaws Dirty Frag and Copy Fail are a good reminder to stay up to date

By -
9 comments

Last updated: 8 May 2026 at 8:46 am UTC

Have you run your Linux distribution updates recently? You probably should, because Dirty Frag and Copy Fail are coming for you. Two major Local Privilege Escalation (LPE) security issues have been revealed in a short time, which is not ideal.

For Copy Fail that was revealed at the end of April the website notes it simply enough for you "An unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root" - pretty bad. There's thankfully some patches rolling out across different distributions for it.

And now we also have Dirty Frag, which has been fully revealed early due to an embargo being broken and so Linux distribution developers will need to scramble to get patches ready for it. The impact is very similar to Copy Fail, enabling an attacker to gain root access to your system to do whatever they feel like.

However, a quick workaround (taken from the Dirty Frag disclosure) can be done as noted to protected yourself via terminal:

sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; echo 3 > /proc/sys/vm/drop_caches; true"

This is a special case, because no current patches exist. It should be fine to run on any distribution.

Keep a close eye on updates coming in over the next week, you're going to need them.

Article taken from GamingOnLinux.com.
Tags: Security, Distro News, Kernel, Misc, Open Source
7 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. You can follow me personally on Mastodon [External Link].
See more from me
Some you may have missed, popular articles from the last month:
DRAGON BALL XENOVERSE 3 gets formally announced
Ubuntu 26.04 ('Resolute Raccoon') LTS is out now
Free creepy Aliens fan game Aliens: Redacted REDUX released
Tower defense meets roguelite progression in Infamous Keepers from the Legend of Keepers devs
All posts need to follow our rules. Please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Readers can also email us for any issues or concerns.
9 comments

Maki 7 hours ago
Note that both vulnerabilities are for a local user to gain root access.

They're being blown up out of proportion, if you ask me. And I'm not happy at all about the tools used to find them or the methods to reveal them before a patch could be written and distributed.
PlayingOnLinuxphone 6 hours ago
User Avatar
From the [issues](https://github.com/V4bel/dirtyfrag/issues) it seems Debian 12 is not affected, 13 and 14 are. I cannot say how trustworthy. The one-line-command also deletes the compromised cache, so infected systems should be clean after that command (if no malware got installed) if I understand it correctly. After this command it is still required to update once your distro delivers a patch. It seems the disclosure went wrong and got published too early, so distros may take a bit longer to deliver a patch than usual.
Eike 6 hours ago
  • Supporter Plus
Quoting: MakiNote that both vulnerabilities are for a local user to gain root access.
Isn't that what privilege escalation is all about?
You got to local user, then you enhance your rights and become root.
I mean, it's not like "local user" means someone has to sit at your keyboard...

Last edited by Eike on 8 May 2026 at 9:34 am UTC
Ehvis 3 hours ago
User Avatar
  • Supporter Plus
Quoting: Eike
Quoting: MakiNote that both vulnerabilities are for a local user to gain root access.
Isn't that what privilege escalation is all about?
You got to local user, then you enhance your rights and become root.
I mean, it's not like "local user" means someone has to sit at your keyboard...
No, but someone still needs to have a local user account. So this is a big problem for multi-user systems. But I imagine most of us operate their home machine for themselves only, so for most of "us" it's not immediately exploitable.
ShabbyX 3 hours ago
Quoting: Ehvis
Quoting: Eike
Quoting: MakiNote that both vulnerabilities are for a local user to gain root access.
Isn't that what privilege escalation is all about?
You got to local user, then you enhance your rights and become root.
I mean, it's not like "local user" means someone has to sit at your keyboard...
No, but someone still needs to have a local user account. So this is a big problem for multi-user systems. But I imagine most of us operate their home machine for themselves only, so for most of "us" it's not immediately exploitable.
It means someone has to run something locally, which you the single user do all the time.

However that something must be untrustworthy for there to be a threat. Most of what you use is from distro packages, so should be fine. Steam games aren't (closed source), so you just have to cross your fingers and trust the developer.

What you should never do, is download random binaries off of the internet and run them (because what is this, windows?)

Last edited by ShabbyX on 8 May 2026 at 12:11 pm UTC
Ehvis 3 hours ago
User Avatar
  • Supporter Plus
Quoting: ShabbyXHowever that something must be untrustworthy for there to be a threat. Most of what you use is from distro packages, so should be fine. Steam games aren't (closed source), so you just have to cross your fingers and trust the developer.
True, but the funny thing is. Can those really do much more damage with a "Fail" or a "Frag" than they could do without it? If you're serious about security and do everything you can to separate things, the answer would be yes. But in practice it is most likely a no.
LoudTechie 2 hours ago
Quoting: Ehvis
Quoting: ShabbyXHowever that something must be untrustworthy for there to be a threat. Most of what you use is from distro packages, so should be fine. Steam games aren't (closed source), so you just have to cross your fingers and trust the developer.
True, but the funny thing is. Can those really do much more damage with a "Fail" or a "Frag" than they could do without it? If you're serious about security and do everything you can to separate things, the answer would be yes. But in practice it is most likely a no.
If you run a virus scanner it will most likely keep the Anti-virus killer at bay.
Tor-browser and if I remember correctly firefox have their own download folder sandboxing.
Apache sandboxes itself.
Python enforces sandboxing beyond calling user.
All flatpacks are sandboxed beyond calling user.
It's true that not all sandoxed perectly and obtaining user access is already a great breach, but if you want to have an indication what it limits simply run
 cat /etc/passwd
Each of the lines is a seperate user, which when it obtains root access suddenly can read your files.

Edit:
With the exception of root and your personal account ofcourse.

Last edited by LoudTechie on 8 May 2026 at 1:42 pm UTC
LoudTechie 1 hour ago
Copy Fail was for me a big thing, because it's for so far I can remember the first Linux specific n-day vulnerability that showed commoditization.

Explanation:
I've seen many attacks and attack attempts on Linux specific things.
The others all used zero-days.
This is the first time I see miscreants use an n-days in the Linux ecosystem.
I suspect this proofs I don't run an anti-virus scanner company, because it probably has happened before.
Yet, I don't know these examples.
Kimyrielle 56 minutes ago
User Avatar
Quoting: MakiNote that both vulnerabilities are for a local user to gain root access.

They're being blown up out of proportion, if you ask me. And I'm not happy at all about the tools used to find them or the methods to reveal them before a patch could be written and distributed.
I would caution against calling this "out of proportion". I think people wrongly assume that a "local" user has be at your keyboard to do damage. This is NOT the case. Everything you run is a "local" user, namely the account you typically work with. In this world of dependency hell, all it takes is a supply-chain attack. Someone could easily sneak some code into something you download and execute with your local privileges, and boom, you're toast.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon Logo Patreon. Plain Donations: PayPal Logo PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register
Register Forgot Login?
★ Support Us
Popular this week
Search or view by category
Contact
Latest Guides
MorrowindHow to setup OpenMW for modern Morrowind on Linux / SteamOS and Steam Deck
By Liam Dawe,
11
Hollow Knight: SilksongHow to install Hollow Knight: Silksong mods on Linux, SteamOS and Steam Deck
By Liam Dawe,
1
> View more Tips & Guides
Recently Updated
Buy Games
Buy games with our affiliate / partner links:
Latest Forum Posts
Misc