Linux Kernel: "Copy Fail" & "Dirty Frag" CVEs patched
G’day,
Please note we’ve upgraded CloudLinux kernels to 4.18.0-553.123.2.lve.el8.x86_64 to patch both:
-
“Copy Fail”
CVE-2026-31431(CVSS 3.x: 7.8 HIGH) https://nvd.nist.gov/vuln/detail/CVE-2026-31431 -
“Dirty Frag”
CVE-2026-43284 / 43500(7.8 HIGH) https://nvd.nist.gov/vuln/detail/CVE-2026-43284
The upgraded kernels (in runtime via reboot) now take over from KernelCare live patching updates before.
We’ve waited until these were pushed to stable and not subsequently revoked, which is now the case.
Please let us know if you’ve any concerns with regard to these security upgrades and reboots.
Now we’re in the AI era (look up “Project Glasswing” etc), expect more CVEs to drop soon.
Cheers,
Merlot Digital
3 Serviços afetados:
- Servers & WHMCS / Managed Servers (KVM VPS)
- Servers & WHMCS / Managed WHMCS (Client)
- TNC & Merlot (Internal) / my.Merlot (Self-service 24/7)
The Network Crew Pty Ltd (TNC)
Network: AS138521