UpCloud responds to the “Copy Fail” and “Dirty Frag” Local Root Vulnerability exploits
Posted on 30 April 2026
A new and easily exploitable “Copy Fail” local root vulnerability was identified on April 29, 2026, impacting all Linux deployments. Due to its simplicity compared to typical Local Root Exploits (LREs), systems with untrusted local users are at the highest risk. Updates are required for all Cloud Servers using any Linux distribution, including Managed Kubernetes worker nodes.
The UpCloud platform itself is unaffected by this issue. The nature of the exploit does not permit any form of virtual machine escape, which means a customer’s Cloud Server cannot be used to compromise the underlying host system or gain unauthorized access to other customers’ data or Cloud Servers. We can confirm the integrity and isolation of our Cloud Servers remain intact.
We will update the public templates for Linux distributions with the necessary mitigation patches as soon as they are made available by the respective distribution’s package maintainers. These updates will automatically apply to all new server deployments.
Updating existing Cloud Server operating systems to patch the vulnerability is the user’s responsibility. We urge all users to update their systems as soon as patches become available.
Full details about the exploit can be found at https://copy.fail/
To ensure the security, stability, and optimal performance of your Linux-based system, it is crucial to consistently keep the system up-to-date with the latest patches and security fixes.
This process involves fetching and installing the latest versions of all installed software packages, including the core Linux kernel.
| Distribution Family | Command for Update Check and Download | Command for Applying Updates |
|---|---|---|
| Debian/Ubuntu | `sudo apt update` | `sudo apt upgrade` |
| Alma/CentOS/Fedora/Rocky | `sudo dnf check-update` or `sudo yum check-update` | `sudo dnf upgrade` or `sudo yum update` |
Mitigating this vulnerability requires the system to be restarted after applying the patches.
Maintaining an up-to-date system is not a one-time operation but a continuous practice that must be integrated into the system administration routine.
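A check for the restart requirement above, as an added example that is not UpCloud's own tooling: it compares the running kernel with the newest one installed under `/lib/modules` and also honours the `/var/run/reboot-required` flag that Debian and Ubuntu write. The function names are hypothetical, the `/lib/modules` comparison is a heuristic, and GNU `sort -V` is assumed.

```shell
#!/bin/sh
# Added example: detect a patched-but-not-yet-rebooted host.
# Installing a fixed kernel package does not replace the running kernel;
# the host stays exposed until it boots into the new one.

# newest_installed_kernel [DIR]
# Print the highest kernel release that has a module directory in DIR
# (default /lib/modules). Heuristic: assumes one directory per installed
# kernel and relies on version sort (sort -V).
newest_installed_kernel() {
    moddir="${1:-/lib/modules}"
    ls -1 "$moddir" 2>/dev/null | sort -V | tail -n 1
}

# reboot_needed RUNNING NEWEST
# Succeeds (exit 0) when a newer kernel than the running one is installed.
# An empty NEWEST means nothing could be determined, so no reboot is claimed.
reboot_needed() {
    [ -n "$2" ] && [ "$1" != "$2" ]
}

# check_host
# Report the state of the local machine; exit status 1 means a reboot is pending.
check_host() {
    running="$(uname -r)"
    newest="$(newest_installed_kernel)"
    # Debian/Ubuntu create this flag file when an update requires a restart.
    if [ -f /var/run/reboot-required ] || reboot_needed "$running" "$newest"; then
        echo "REBOOT PENDING: running $running, newest installed ${newest:-unknown}"
        return 1
    fi
    echo "OK: running the newest installed kernel ($running)"
}

# Only inspect the host when asked to, so the functions can be sourced.
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Run it with `--check` after applying updates; a non-zero exit status can feed a monitoring or fleet-inventory job.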
A new security flaw called Dirty Frag has been discovered that is closely related to the “Copy Fail” exploit described above. Like Copy Fail, this vulnerability allows a regular user to gain full administrative (root) control over a Linux system.
What you should do:
The most important step is to update your Linux kernel as soon as patches are available.
| Distribution | Status |
|---|---|
| AlmaLinux | Alma 9 & 10 updated |
| CentOS Stream | CentOS 10 updated |
| Debian GNU/Linux | Debian 12 & 13 updated |
| Fedora Linux | Fedora 42 & 43 updated |
| Rocky Linux | Rocky Linux 9 & 10 updated |
| Ubuntu | Ubuntu 22.04 updated; Ubuntu 24.04 updated; Ubuntu 26.04 not affected |
| Managed Kubernetes | Kubernetes 1.28, 1.29, 1.30, 1.31, 1.32, 1.32 & 1.35 templates updated |