AlmaLinux: Dirty Frag (CVE-2026-43284, CVE-2026-43500) vulnerability fix is ready
AlmaLinux has released updated kernels which deal with these issues.
Follow-up: AlmaLinux Releases Updated Kernels for Dirty Frag & Copy Fail 2 in Testing
Updated 2026-05-08 15:22 UTC — The patched kernels are now rolling out to production repositories/mirrors.
Just one day after the public disclosure of the Dirty Frag and Copy Fail 2 vulnerabilities, AlmaLinux has already made patched kernels available in their production repositories.
Quick Action from AlmaLinux
In an impressive display of responsiveness, the AlmaLinux team has backported the upstream fix (mainline commit f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4) to all supported branches and pushed the updated kernels. This follows their equally swift handling of the original Copy Fail vulnerability last week.
Read AlmaLinux's official announcement here.
What This Means for BlueOnyx Users
While our swatch mitigation (blacklisting esp4/esp6 modules) continues to provide immediate, no-reboot protection, the availability of proper kernel fixes from AlmaLinux is excellent news. Once these kernels move to production repositories, the module blacklist can be safely removed and an updated "swatch" RPM will do so at a later time.
We continue to recommend applying the current swatch hotfix on all BlueOnyx systems (5210R, 5211R, and 5212R) as the primary defense until the patched kernels are widely available and thoroughly tested.
Praise to the AlmaLinux team for moving faster than many commercial distributions and getting fixes into community hands this quickly. Their proactive approach with the testing repository helps the entire ecosystem stay ahead of these emerging LCE threats.
Stay tuned for further updates as AlmaLinux promotes these kernels to stable and as we coordinate removal of the temporary mitigations on BlueOnyx.
Questions? Join us on the BlueOnyx Discord or our mailing list.