Home > Control panel > Operations notices

Related Links

Notice Links:

Notices

Linux kernel vulnerability requiring VM restarts (Dirtyfrag)

PostedFri, 8 May 2026 08:21 AM UTC
Fri, 8 May 2026 04:21 AM EDT
Last UpdateFri, 8 May 2026 14:26 PM UTC (29 hours ago)
Fri, 8 May 2026 10:26 AM EDT
StatusOpen

A serious Linux kernel vulnerability has been publicly disclosed:

https://github.com/V4bel/dirtyfrag

This issue has been allocated CVE-2026-43284, also known as Dirtyfrag.

The issue affects most Linux kernels released in the last decade. It allows a local unprivileged user or process to gain root privileges. In practical terms, if an attacker has access to run code inside a VM, for example through a compromised website, shell account, or application, this bug may allow them to take full control of that VM.

Where a server is using a modular kernel, you should check with the distributor as soon as possible for update and mitigation steps.

We have released patched VM kernels to our hosts. A reboot will be required to use that. We recomend you restart your server as soon as possible to adopt an updated kernel. They should be restarted from our control panel.

You can verify which kernel your VM is running using the command 'uname -r', it will look something like this...:

6.12.0-really87-rh-20260508114817.xenU.x86_64

Patched kernels will show a build date of 20260508 or newer. Those digits are the date: 2026 May 8th.

We are continuing to assess this vulnerability and will be providing updates and further recomendations here. Please subscribe to this notice for updates.

#

Datacenter Network Maintenance – Regular Routing Change

PostedMon, 4 May 2026 22:42 PM UTC
Mon, 4 May 2026 18:42 PM EDT
Last UpdateMon, 4 May 2026 23:28 PM UTC (116 hours ago)
Mon, 4 May 2026 19:28 PM EDT
StatusOpen
Affected LocationDallas (TX)

As part of our regular network operations, we will perform a routing change during the maintenance window below.

Maintenance Window:
Start: 5 May 2026, 18:00 Dallas local time
End: 5 May 2026, 22:00 Dallas local time

Impact:
There is no downtime expected for this maintenance.

We will provide an update once the work has been completed.

#

Dallas power maintenance: Annual UPS 5 and 10 maintenance

PostedWed, 22 Apr 2026 20:50 PM UTC
Wed, 22 Apr 2026 16:50 PM EDT
Last UpdateWed, 22 Apr 2026 20:50 PM UTC (17 days ago)
Wed, 22 Apr 2026 16:50 PM EDT
StatusOpen

This work involves replacement of parts in UPS units, as part of normal manufacturer recomended maintenance. No impact is expected.

Maintenance Start: 05/05/2026 23:00 US/Eastern
Maintenance End: 05/06/2026 04:00 US/Eastern

During this activity, supply will transfer the facility load from utility to generator. Then back to utility upon completion of the maintenance.

#

host1464.rimuhosting.com operations notice

PostedFri, 8 May 2026 14:54 PM UTC
Fri, 8 May 2026 10:54 AM EDT
Last UpdateFri, 8 May 2026 15:58 PM UTC (28 hours ago)
Fri, 8 May 2026 11:58 AM EDT
StatusClosed
Affected service

Fri, 8 May 2026 15:57 PM UTC: An issue with the network driver was seen. After restarting the server, normal operation has been restored. VPSs are back online

host1464.rimuhosting.com is not responding normally.  We are investigating and may have it restarted.

#

cPanel & WHM Security Issue (2026-04-28)

PostedWed, 29 Apr 2026 01:11 AM UTC
Tue, 28 Apr 2026 21:11 PM EDT
Last UpdateSun, 3 May 2026 21:49 PM UTC (6 days ago)
Sun, 3 May 2026 17:49 PM EDT
StatusClosed

https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026

A security issue has been identified in the cPanel software affecting all currently supported versions relating to various authentication paths.

Please run the following command to retrieve the patched version.

/scripts/upcp --force

Should you need assistance with this, please pop in a support ticket.

#

Linux kernel vulnerability requiring VM restart (Copy Fail)

PostedFri, 1 May 2026 04:10 AM UTC
Fri, 1 May 2026 00:10 AM EDT
Last UpdateSat, 2 May 2026 22:35 PM UTC (7 days ago)
Sat, 2 May 2026 18:35 PM EDT
StatusClosed

Update at Sat, 2 May 2026 22:33 PM UTC: VMs are now running on new kernels.  We worked through a few restart issues with a few customers.  Now would be a good time to check your services are all running as expected.  Let us know if we can assist with anything!

A serious Linux kernel vulnerability has been publicly disclosed:

https://copy.fail/

This issue is tracked as CVE-2026-31431, also known as Copy Fail.

It affects many Linux kernels shipped from 2017 onwards. The issue allows a local unprivileged user or process to gain root privileges. In practical terms, if an attacker already has access to run code inside a VM, for example through a compromised website, shell account, or application, this bug may allow them to take full control of that VM.

We have pushed patched kernels to our VM hosts.

No action is required, but an urgent restart is strongly recommended

We will be restarting affected customer VMs with the patched kernel.  No action is required by you.  However, it is best if you can switch to the patched kernel as soon as possible rather than waiting for us.

Switching to the patched kernel

Your VM needs to be restarted to boot into the patched kernel.

You can restart it yourself now using one of these methods:

After the restart, your VM should be running the patched kernel.

You can check with:

uname -a

For example a fixed kernel looks like:

Linux example.com 6.6.0-really137-rh-20260430214815.xenU.x86_64 #1 SMP Thu Apr 30 22:06:25 UTC 2026 x86_64 GNU/Linux

The kernel version should show a build date of 20260430 or newer. Those digits are the date: 30 April 2026.

Your VM will be restarted

Because this is a serious privilege escalation issue and public exploit code is available, we will restart VMs that are still running an older kernel.

We will start those restarts from:

  • Friday 1 May, 22:00 UTC
  • Friday 1 May, 17:00 Dallas time
  • Saturday 2 May, 10:00 NZST

The restart should be a normal VM reboot. Your VM will be unavailable while it restarts.

We will not restart servers already on a patched kernel.

If you want to control the timing, please restart your VM before then.

If you do not want us to restart your VM, please open a support ticket and ask us to add this tag to your server notes:

#noautokernelfix

Please note that opting out means your VM may continue running a vulnerable kernel until you restart it yourself.

Notes

  • VPSs running our 4.14 and older kernels are not be vulnerable to this attack (pre 2017).
  • VPSs on our 4.19 or 5.4 kernels can typically be reliably switched on our kernel page to our 5.10 or newer kernels.
  • The kernel page will tell you which kernel will be used after the restart and which kernel it was booted on.  For example if it says "Booted on 5.10.0-really251-rh-20260304013052.xenU.x86_64" then that date string "20260304" means the kernel is from March and predates the fixed kernel (20260430 or newer).
  • VPSs using a custom kernel (ie via grub) should check with their kernel provider and update as soon as possible.
  • As usual please subscribe to this notice to receive updates on the situation.
#

host1228.rimuhosting.com VPS moves

PostedThu, 2 Apr 2026 01:07 AM UTC
Wed, 1 Apr 2026 21:07 PM EDT
Last UpdateFri, 1 May 2026 02:10 AM UTC (9 days ago)
Thu, 30 Apr 2026 22:10 PM EDT
StatusClosed
Affected service

Fri, 1 May 2026 02:07 AM UTC: All activities complete

Tue, 28 Apr 2026 04:18 AM UTC: These have been delayed, and are now rescheduled from 4am 30th April UTC (11pm Dallas time)

host1228.rimuhosting.com requires routine maintenance. To minimise customer disruption we will be moving VPSs running there to an alternate host.

Scheduled: from 4am 27th April UTC (11pm 26th Dallas)

Detail: One at a time, VPSs will be stopped, the filesystem moved to an alternate host, and then restarted on the new host. Moves will take roughly 1min/GB of disk.

#