Over the past few weeks, several Linux kernel vulnerabilities have received significant attention within the security community, including DirtyFrag, Copyfail, and Fragnesia.

We have assessed all of them against Logmanager 3 and Logmanager 4 and can confirm that none of them pose a real-world threat to Logmanager deployments

What Are DirtyFrag, Copyfail, and Fragnesia?

All three are local privilege escalation (LPE) vulnerabilities in the Linux kernel. In the worst case, they could allow an attacker who already has a foothold on a machine, for example through a local shell account or a container escape opportunity, to gain full control of the host operating system.

The key phrase here is already has a foothold. These are not vulnerabilities that can be exploited remotely over the network by an external attacker. An attacker must first be a legitimate local user or have already compromised a process running on the system.

Why These Vulnerabilities Do Not Affect Logmanager

Logmanager does not have local user accounts

Logmanager is a security appliance, not a general-purpose server. No end-user accounts exist on the system. There is no SSH access for customers, no interactive shell for operators beyond the defined management interface, and no guest or shared accounts.

The attack model these vulnerabilities rely on, namely an unprivileged local user, simply does not exist in a standard Logmanager deployment.

Because the first step in every attack chain described by these CVEs is impossible on Logmanager, the rest of the chain is irrelevant.

We Do Not Stop at “Good Enough”

Even though no local attacker is expected to exist, we believe that partial mitigations still matter. Security should work in layers, and even vulnerabilities that are unlikely to be exploited are worth addressing.

Our approach:

Kernel module blacklisting. Where a vulnerability requires a specific kernel module to be loaded on demand, we can prevent that module from loading entirely. This is one of the tools we apply when a kernel-level patch is not yet available or sufficient. In this case, since a patch is already available, we have decided not to blacklist the respective module at this time. However, this remains a possible mitigation in the future.

Not enabling what we do not use. Logmanager does not use IPsec tunneling on the appliance itself. The kernel subsystems required to exploit DirtyFrag and Fragnesia are therefore never activated.

Container capability restrictions. Internal services run in containers with a strictly bounded capability set. The elevated capabilities required to interact with the affected kernel subsystems are not granted to any container by default.

OS security patches. We track our OS vendor’s security channels and incorporate kernel patches into each Logmanager release. The kernel-level fix for Copyfail (CVE-2026-31431) is available from our OS vendor and will be included in upcoming releases for both product lines.

Summary

VulnerabilityCVEsLogmanager 3Logmanager 4
CopyfailCVE-2026-31431Not exploitable — architectural controls prevent exploitation; kernel patch included in upcoming releaseNot exploitable — architectural controls prevent exploitation; kernel patch included in upcoming release
DirtyFragCVE-2026-43284, CVE-2026-43500Not exploitable — vulnerable kernel subsystems not active; affected code path absent from the kernel buildNot exploitable — vulnerable kernel subsystems not active
FragnesiaCVE-2026-46300Not exploitable — same conditions as DirtyFragNot exploitable — same conditions as DirtyFrag

We continuously monitor relevant security disclosures and assess them against our platform as they emerge. If you have any questions, please reach out to our support team at [email protected].