Gentoo Linux reports on the Copy Fail, Dirty Frag, and Fragnesia kernel vulnerabilities, noting that they have patched supported kernels and advising users to upgrade.
# Copy Fail, Dirty Frag, and Fragnesia kernel vulnerabilities – Gentoo Linux
Source: [https://www.gentoo.org/news/2026/05/19/copy-fail-fragnesia-vulnerabilities.html](https://www.gentoo.org/news/2026/05/19/copy-fail-fragnesia-vulnerabilities.html)
[](https://packages.gentoo.org/packages/sys-kernel/gentoo-kernel)
The Linux kernel has recently been facing a series of discovered privilege escalation vulnerabilities, starting with the[Copy Fail](https://copy.fail/)vulnerability and followed by subsequent vulnerabilities in the same spirit \([Dirty Frag](https://github.com/V4bel/dirtyfrag),[Fragnesia](https://github.com/v12-security/pocs/tree/main/fragnesia)\)\. This development is part of a general trend where vulnerabilities are being found \- and disclosed \- faster than before\. We expect it to continue, at least for the short\-term\.
The Gentoo Linux Kernel and Distribution Kernel teams are doing their best to keep Gentoo kernels secure\. This includes both packaging the latest upstream releases as soon as possible, and backporting additional vulnerability fixes or mitigations whenever they become available\. As example, while upstream kernel releases are still vulnerable to Fragnesia, the respective Gentoo kernels feature fixes from day one\. At the time of writing, all supported Gentoo kernels feature the latest Fragnesia v5 patch\. Please expect more updates\. We recommend exploring ways to automate upgrading your kernel\.
Please note that only[sys\-kernel/gentoo\-kernel](https://packages.gentoo.org/packages/sys-kernel/gentoo-kernel),[sys\-kernel/gentoo\-kernel\-bin](https://packages.gentoo.org/packages/sys-kernel/gentoo-kernel-bin)and[sys\-kernel/gentoo\-sources](https://packages.gentoo.org/packages/sys-kernel/gentoo-sources)packages are security\-supported\. The vanilla kernel packages are vulnerable at the moment\. Other kernel packages may carry fixes, but they usually are slower to be updated\. Additionally, we recommend running the latest kernel version \(~arch or latest stable LTS\), as upstream does not reliably backport security fixes to older versions\.
A report titled 'Dirty Frag' details a universal Linux Local Privilege Escalation (LPE) vulnerability that allows root access on major distributions by chaining two kernel bugs. The disclosure notes that due to a broken embargo, no patches currently exist for this critical security issue.
A report on three serious Linux local privilege escalation vulnerabilities discovered in May 2026, highlighting breakdowns in the disclosure model and implications for production environments.
CVE-2026-31431 (Copy Fail) is a local privilege escalation vulnerability in the Linux kernel affecting all major distributions since 2017, allowing unprivileged users to gain root shell access through a deterministic 4-byte write to any readable file's page cache via the AF_ALG crypto subsystem.
Copy Fail 2 is a proof-of-concept exploit for an unprivileged Linux Local Privilege Escalation (LPE) vulnerability in the kernel's xfrm subsystem, allowing attackers to gain root access on modern distributions.