launchtimevps.com - Cloud VM servers from RimuHosting

Home > Control panel > Operations notices > Linux kernel vulnerability requiring VM restarts (Dirtyfrag)

Related Links

Notice Links:

Notice

Linux kernel vulnerability requiring VM restarts (Dirtyfrag)

Posted	Fri, 8 May 2026 08:21 AM UTC Fri, 8 May 2026 04:21 AM EDT
Last Update	Mon, 11 May 2026 23:46 PM UTC (12 hours ago) Mon, 11 May 2026 19:46 PM EDT
Status	Open
Mon, 11 May 2026 23:40 PM UTC: Because this is a serious privilege escalation issue and public exploit code is available. For VPSs running one of our LTS kernels that have not already been restarted, We will do so from May 12th 00:00 UTC. The restart should be a normal VM reboot. Your VM will be unavailable while it restarts. If you want to control the timing, please restart your VM before then. If you do not want us to restart your VM, please open a support ticket and ask us to add this tag to your server notes: `#noautokernelfix` Please note that opting out means your VM may continue running a vulnerable kernel until you restart it yourself with a safe kernel. --- Mon, 11 May 2026 22:44 PM UTC: Updated kernels for the 4.14 series are now on our hosts. These do not have an upstream patch. Instead the issue has been mitigated by disabling affected kernel components. Servers on one of our 4.14 kernels that use ESP packet functionality (ie for ipsec tunnels), should try one of our newer LTS kernels. Fixed 4.14 kernels will show a build date as described below, of 20260511 or newer. --- A serious Linux kernel vulnerability has been publicly disclosed: https://github.com/V4bel/dirtyfrag This issue has been allocated CVE-2026-43284, also known as Dirtyfrag. The issue affects most Linux kernels released in the last decade. It allows a local unprivileged user or process to gain root privileges. In practical terms, if an attacker has access to run code inside a VM, for example through a compromised website, shell account, or application, this bug may allow them to take full control of that VM. Where a server is using a modular kernel, you should check with the distributor as soon as possible for update and mitigation steps. We have released patched VM kernels to our hosts. A reboot will be required to use that. We recomend you restart your server as soon as possible to adopt an updated kernel. They should be restarted from our control panel. Control panel restart: https://rimuhosting.com/cp/vps/restart.jsp Kernel selection page: https://rimuhosting.com/cp/vps/kernel.jsp You can verify which kernel your VM is running using the command 'uname -r', it will look something like this...: 6.12.0-really87-rh-20260508114817.xenU.x86_64 Patched kernels will show a build date of 20260508 or newer. Those digits are the date: 2026 May 8th. We are continuing to assess this vulnerability and will be providing updates and further recomendations here. Please subscribe to this notice for updates. #

Keep You Updated?

Log in to subscribe to changes to this notice.

Set your operation notice contact details for future notifications.

LaunchtimeVPS: Server hosting service. A Rimu Hosting Ltd business. RimuHosting services include:

Launchtime™
VPS servers.

RimuHosting™
Dedicated servers.

Pingability™
Website monitoring service.

Woop! Host™
Managed Wordpress hosting.

Infrassembly™
Co-location made easy

Bakop™
Remote storage account service.

Zonomi™
DNS hosting service.

WebAddress™
Be found.

25 Mail St.™
Managed email hosting.

© RimuHosting Ltd 2002-2026. Rimuhosting, Launchtime and the Rimuhosting logo are RimuHosting™ trademarks.