Ongoing updates on Copy.fail and variants
Bulletin ID: 2026-030-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 05/13/2026 10:00 PM PDT This is an ongoing issue. This bulletin will be updated as more information becomes available. Description: AWS is aware of the copy.fail or DirtyFrag class of issues - a set of privilege escalation issues affecting the Linux Kernel. We will update this bulletin as more information becomes available. Please see below for current patching timelines for affected services related to the Copy.fail kernel issue and all its variants. AWS recommends that customers apply all updates addressing these issues as soon as they are available. See more details at Security Bulletin (ID: 2026-030-AWS).
CSIRTS triage
- What
- A set of privilege escalation issues affecting the Linux Kernel.
- Who is affected
- AWS customers using the affected Linux kernel.
- Urgency
- Remediation is urgent due to the potential for exploitation.
- Action
- Apply all updates addressing these issues as soon as they are available.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Linux kernel
Get an email when a new Linux kernel advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://aws.amazon.com/security/security-bulletins/rss/2026-030-aws/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Moderate exploitation riskCVE-2026-463003.7% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 88% of all scored CVEs.
- Exploitation likely imminentCVE-2026-43284EPSS puts this in the most-targeted tier (93.2% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 100% of all scored CVEs.
- Exploitation likely imminentCVE-2026-31431EPSS puts this in the most-targeted tier (96.3% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 100% of all scored CVEs.
- Exploitation likely imminentCVE-2026-43500EPSS puts this in the most-targeted tier (92.8% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 100% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-46300 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-43284 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-31431 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-43500 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- high[UPDATE] [high] Linux Kernel: Multiple vulnerabilitiescert-bund
- high[UPDATE] [high] Linux Kernel (Dirty Frag): Multiple vulnerabilities allow gaining administrator rightscert-bund
- high[UPDATE] [high] Linux Kernel (Fragnesia): Vulnerability Allows Gaining Administrator Rightscert-bund
- unknownUSN-8530-1: Linux kernel (AWS) vulnerabilitiesubuntu
- unknownexploitedUSN-8528-1: Linux kernel (Xilinx ZynqMP) vulnerabilitiesubuntu
- unknownMultiple vulnerabilities in SUSE Linux kernel (July 10, 2026)cert-fr-avis
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)cert-fr-avis
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 3, 2026)cert-fr-avis
- unknownMultiple vulnerabilities in SUSE Linux kernel (July 3, 2026)cert-fr-avis
- unknownRedHat Linux Kernel Multiple Vulnerabilitieshkcert
- unknownMultiple vulnerabilities in the Red Hat Linux kernel (June 26, 2026)cert-fr-avis
- unknownMultiple vulnerabilities in the Ubuntu Linux kernel (June 26, 2026)cert-fr-avis
More from AWS Security Bulletins
- unknownCVE-2026-14904 - Improper Link Resolution in Auth.GetUserPrivateKey in AWS Research and Engineering Studio2026-07-07
- unknownCVE-2026-14471 - Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-…2026-07-06
- unknownCVE-2026-14265- Deserialization of Untrusted Data in AWS Advanced JDBC Wrapper RemoteQueryCachePlugin2026-07-01
- unknownCVE-2026-13760 - OS Command Injection in NodejsFunction Docker Bundling in aws-cdk-lib2026-07-01
- unknownCVE-2026-13769 – Insecure file permissions in AWS CLI2026-07-01