Please read this info about mitigating CVE-2026-31431 aka “Copy Fail” on DietPi:
## ADMIN EDIT
The two major recent Linux vulnerabilities are:
- CVE-2026-31431 a… ka ["Copy Fail"](https://copy.fail/)
- CVE-2026-43284 and CVE-2026-43500 aka ["Dirty Frag"](https://github.com/V4bel/dirtyfrag)
We pushed updates for all our kernel packages. For the SBCs with too old frozen Linux version, the affected kernel modules have been removed.
The Raspberry Pi stable branch was just bumped to Linux 6.18.29 an hour ago: https://github.com/raspberrypi/firmware/commits/stable/
I do not see it in the repo yet, but should be merged within the next hour(s).
Hence, all that needs to be done now is:
```sh
sudo apt update
sudo apt full-upgrade # "full" needed for our linux-dtb + linux-image package merger on Armbian-based builds
sudo reboot
```
If, after the reboot, the Linux version is still below v7.0.6, v6.18.29, v6.12.87 (or v6.12.86 on x86_64, which has a backported patch), v6.6.138, v6.1.172, respectively, verify that the modules are not available:
```sh
modinfo algif_aead esp4 esp6 rxrpc
```
In case you use a custom kernel that is too old and still has one of the above modules available, prevent them from being loaded like that:
```sh
printf 'install algif_aead /bin/false\nblacklist algif_aead\n' | sudo tee /etc/modprobe.d/copyfail.conf
printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' | sudo tee /etc/modprobe.d/dirtyfrag.conf
printf 'blacklist esp4\nblacklist esp6\nblacklist rxrpc\n' | sudo tee -a /etc/modprobe.d/dirtyfrag.conf
sudo modprobe -r algif_aead esp4 esp6 rxrpc
echo 3 | sudo tee /proc/sys/vm/drop_caches
```
_________________
Hi All,
Just a quick question when will Copy Fail CVE-2026-31431 be patched in DietPi?
Thanks
There was a third related flaw reported. Fragnesia: pocs/fragnesia at main · v12-security/pocs · GitHub
Jappe
14 May 2026 17:09
6
https://github.com/v12-security/pocs/tree/main/fragnesia#mitigation
Mitigation
Same as dirtyfrag.
All versions affected by dirtyfrag are affected.
Any versions without this patch: netdev - [PATCH net] net: skbuff: preserve shared-frag marker during coalescing , so Linux kernels before May 13 2026.
So I guess if you have the patch you are also safe from that bug.
Never ending story
I don’t think so (unless you blacklisted the kernel modules, of course): It affects the same kernel modules, but the patch for Dirty Frag does not fix Fragnesia. Our Linux 7.0 and 6.18 builds do ship with the modules, since they were patched to mitigate Dirty Frag (and Copy Fail).
It mentions:
Any versions without this patch: netdev - [PATCH net] net: skbuff: preserve shared-frag marker during coalescing , so Linux kernels before May 13 2026.
The problem is: I do not see this patch in any upstream branch, so this sentence is contradicting. If the linked patch is needed, all Linux branches are vulnerable, and it would be a premature disclosure. Basically raised here: What happened to the information embargo? · Issue #5 · v12-security/pocs · GitHub
But in another issue, people have a hard time to replicate it on kernel versions which have Dirty Frag patched, also since there seems to be at least one bug in the test/exploit program. We need to have a close eye on this, and Linux commits. There was a Linux release 4 hours ago, but it does not contain the patch mentioned in the Fragnesia repo.
.