[DirtyFrag] Linux Privilege Escalation Vulnerability

Update timeline

1. investigating May 08, 2026, 01:40 PM UTC

   Akamai is aware of the recently disclosed “DirtyFrag”[1] vulnerability that followed the “CopyFail”[2] disclosure. This vulnerability is very similar in nature and has a similar impact, exploit path, and mitigation approach. We have not observed any related malicious exploits targeting our infrastructure and are continuing to address the vulnerability across our product portfolio and internal systems. As with “CopyFail”, we are advising customers to consider most Linux distributions to be at-risk until patched. Since the “DirtyFrag” vulnerability was disclosed prior to upstream patches having been made available, we are forced to wait for the different OS providers to create new releases or patches before we can integrate them into the versions we make available to customers. As this is a rapidly developing incident, we will provide further information regarding recommended actions, possible mitigations, and OS updates for all customers who may be affected. [1] https://github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md [2] https://www.linode.com/docs/guides/cve-2026-31431-copy-fail-mitigation/

2. investigating May 09, 2026, 02:40 PM UTC

   We have updated our latest Linode kernel to version 7.0.5, which contains the upstream fix from kernel.org for the DirtyFrag vulnerabilities as well as the previous fixes for the recent CopyFail vulnerability. This kernel is available in Cloud Manager and we recommend customers using the Linode-compiled kernel update their configurations to this kernel. We are in parallel tracking the upstream Linux distributions and will provide another update when fixed versions have been released. Note: Due to metadata caching, the Cloud Manager interface for some users may still show the “latest” kernel as 7.0.3; selecting “latest” will, however, get you version 7.0.5 as of this writing.

3. investigating May 15, 2026, 05:28 PM UTC

   We are responding to the publication of the most recent variation of the CopyFail[1] adjacent vulnerabilities “DirtyFrag” and “Fragnesia” with additional updates while we wait for upstream OS providers to release patches. Please see our detailed advisory[2] for more information on the current status, possible mitigation mechanisms, and our recommended actions. We will provide another update when more OS images have been updated and/or additional attack vectors are discovered. [1] https://www.linode.com/docs/guides/cve-2026-31431-copy-fail-mitigation/ [2] https://www.linode.com/docs/guides/dirty-frag-mitigation/

4. investigating Jun 05, 2026, 08:23 PM UTC

   We are responding to the publication of the most recent variation of the CopyFail[1] adjacent vulnerabilities “DirtyFrag” and “Fragnesia” with additional updates while we wait for upstream OS providers to release patches. Please see our detailed advisory[2] for more information on the current status, possible mitigation mechanisms, and our recommended actions. We will provide another update when more OS images have been updated and/or additional attack vectors are discovered. [1] https://www.linode.com/docs/guides/cve-2026-31431-copy-fail-mitigation/ [2] https://www.linode.com/docs/guides/dirty-frag-mitigation/