Is secureblue linux [ secureblue.dev ] also vulnerable by these three recent linux vulnerabilities - Copy Fail, Copy Fail 2 and Dirty Frag?

github.com/secureblue/secureblue

feat: add SELinux policy to deny access to AF_ALG sockets (#2183)

live ← HastD:deny-af-alg

opened 07:38PM - 30 Apr 26 UTC

        HastD
      

+17 -2

AF_ALG sockets are the userspace interface to the kernel crypto API, which expos…es a lot of attack surface and was responsible for the recently announced Copy Fail privilege escalation exploit. Seeing as this API isn't used much anyway, we can just deny all userspace processes access to these sockets using SELinux. Resolves #2180.

github.com/secureblue/secureblue

feat: disable kernel modules to mitigate dirtyfrag (#2212)

live ← HastD:dirtyfrag-mitigation

opened 09:24PM - 07 May 26 UTC

        HastD
      

+19 -1

This disables the kernel modules that provide support for ESP (Encapsulating Sec…urity Payload) and RxRPC, which are involved in the recently disclosed "dirtyfrag" kernel exploit.