Mitigating "Copy Fail" and "Dirty Frag" vulnerabilities on DietPi

MichaIng · 4 May 2026 20:21

Please read this info about mitigating CVE-2026-31431 aka “Copy Fail” on DietPi:

github.com/MichaIng/DietPi

Mitigating "Copy Fail" and "Dirty Frag" vulnerabilities on DietPi

opened 04:12PM - 01 May 26 UTC

AdamF100001

Solution available

Kernel related

Security

Package update

## ADMIN EDIT The two major recent Linux vulnerabilities are: - CVE-2026-31431 a…ka ["Copy Fail"](https://copy.fail/) - CVE-2026-43284 and CVE-2026-43500 aka ["Dirty Frag"](https://github.com/V4bel/dirtyfrag) We pushed updates for all our kernel packages. For the SBCs with too old frozen Linux version, the affected kernel modules have been removed. The Raspberry Pi stable branch was just bumped to Linux 6.18.29 an hour ago: https://github.com/raspberrypi/firmware/commits/stable/ I do not see it in the repo yet, but should be merged within the next hour(s). Hence, all that needs to be done now is: ```sh sudo apt update sudo apt full-upgrade # "full" needed for our linux-dtb + linux-image package merger on Armbian-based builds sudo reboot ``` If, after the reboot, the Linux version is still below v7.0.6, v6.18.29, v6.12.87 (or v6.12.86 on x86_64, which has a backported patch), v6.6.138, v6.1.172, respectively, verify that the modules are not available: ```sh modinfo algif_aead esp4 esp6 rxrpc ``` In case you use a custom kernel that is too old and still has one of the above modules available, prevent them from being loaded like that: ```sh printf 'install algif_aead /bin/false\nblacklist algif_aead\n' | sudo tee /etc/modprobe.d/copyfail.conf printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' | sudo tee /etc/modprobe.d/dirtyfrag.conf printf 'blacklist esp4\nblacklist esp6\nblacklist rxrpc\n' | sudo tee -a /etc/modprobe.d/dirtyfrag.conf sudo modprobe -r algif_aead esp4 esp6 rxrpc echo 3 | sudo tee /proc/sys/vm/drop_caches ``` _________________ Hi All, Just a quick question when will Copy Fail CVE-2026-31431 be patched in DietPi? Thanks