{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigfhanfpguflkezuij5dpl4ur52hjv3gz4cm7l5wkkm2ki7a5pjk4",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mldyfuxh26t2"
  },
  "path": "/t/is-secureblue-linux-secureblue-dev-also-vulnerable-by-these-three-recent-linux-vulnerabilities-copy-fail-copy-fail-2-and-dirty-frag/37728#post_18",
  "publishedAt": "2026-05-08T14:34:05.000Z",
  "site": "https://discuss.privacyguides.net",
  "tags": [
    "github.com/secureblue/secureblue",
    "feat: add SELinux policy to deny access to AF_ALG sockets (#2183)",
    "HastD",
    "+17\n-2",
    "",
    "feat: disable kernel modules to mitigate dirtyfrag  (#2212)",
    "+19\n-1"
  ],
  "textContent": "github.com/secureblue/secureblue\n\n#### feat: add SELinux policy to deny access to AF_ALG sockets (#2183)\n\n`live` ← `HastD:deny-af-alg`\n\nopened 07:38PM - 30 Apr 26 UTC\n\nHastD\n\n+17 -2\n\nAF_ALG sockets are the userspace interface to the kernel crypto API, which exposes a lot of attack surface and was responsible for the recently announced Copy Fail privilege escalation exploit. Seeing as this API isn't used much anyway, we can just deny all userspace processes access to these sockets using SELinux. Resolves #2180.\n\ngithub.com/secureblue/secureblue\n\n#### feat: disable kernel modules to mitigate dirtyfrag  (#2212)\n\n`live` ← `HastD:dirtyfrag-mitigation`\n\nopened 09:24PM - 07 May 26 UTC\n\nHastD\n\n+19 -1\n\nThis disables the kernel modules that provide support for ESP (Encapsulating Security Payload) and RxRPC, which are involved in the recently disclosed \"dirtyfrag\" kernel exploit.",
  "title": "Is secureblue linux [ secureblue.dev ] also vulnerable by these three recent linux vulnerabilities - Copy Fail, Copy Fail 2 and Dirty Frag?"
}