
'Copy/Fail' and 'Dirty Frag' Linux Vulnerabilities Are Already Patched on Cycle

Alexander Mattoni, Head of Engineering / Co-Founder
There have been TWO major kernel vulnerabilities announced this week.

Copy-Fail (CVE-2026-31431) was announced on April 30th. Dirty Frag (CVE-2026-43284), also known as 'Copy Fail 2: Electric Boogaloo', was announced literally hours ago. Both have already been patched on Cycle, and our users can receive this update simply by restarting their nodes.

The Linux patch was released less than two hours ago, and we're the first to get it to our customers.

A New Era of Linux Kernel Vulnerabilities

We're living in a new age. It seems like every day I'm waking up to a potentially devastating security flaw. Is AI to blame? Who knows, but the reality is that anyone running something important on a server needs to be wary.

These two new vulnerabilities, found this week in the Linux kernel, allow anyone with unprivileged user access on a machine to gain root access. The good news is that they need that access in the first place, which limits the attack surface. The bad news is that they've been around for nearly a decade and can cause container escapes.

There are two main concerns that drove us to patch these vulnerabilities as soon as a fix was available:

  • If someone is running untrusted code outside of a VM on Cycle, they could be vulnerable.
  • If there is another vulnerability somewhere that allows someone to gain unprivileged user access remotely, they could utilize this flaw to elevate to root level permissions on the host.

Given the wide range of use-cases for teams using Cycle, we needed to patch this ASAP.

CycleOS Is Patched - Reboot to Get The Latest Kernel

For most updates, users don't need to reboot their servers - Cycle ships these updates seamlessly behind the scenes. Kernel patches, unfortunately, require a restart of the host machine to be updated.


How does a simple restart protect me?

CycleOS is loaded into RAM when a node connected to the platform boots. It's ephemeral and locked down on purpose, specifically for these kinds of incidents. The only thing we write to disk is some identifying information on the node, container images, and container volumes. When the node reboots, the latest version of CycleOS is downloaded over the internet and used to boot the server.

In practice, this means you can simply reboot your nodes: each one will download the latest OS and boot, and it'll be protected from these known vulnerabilities.

Our team is constantly on the lookout for major security issues and preemptively updating our software and the Linux kernel as quickly as possible.

How Do I Restart My Cycle Node?

Restarting a node on Cycle is easy:

  1. In the Portal, click "Infrastructure" on the sidebar on the left.
  2. From the dropdown at the top, select the node you want to restart.
  3. Click the 'Settings' tab.
  4. Click the "Advanced" dropdown in the "Controls" panel on the right.
  5. Click "Soft Restart Server". (Or if it's a virtual provider server, just "Restart Server" - these do the same thing.)

The node will come back online within a few minutes.

This WILL cause downtime for containers on that server!

Make sure you are running any containers that are sensitive to downtime in high availability, and only restart one server at a time. That will minimize any impact.

Need Assistance?

Our team is always here to help. If you have any questions on the above, or need any help, please don't hesitate to reach us on Slack. We're also available at support@cycle.io.
