Hello,

Asking for a friend. He currently uses Ubuntu 24.04. If I understand correctly given Ubuntu's resources here and here, copy-fail (CVE-2026-31431) is not yet mitigated and dirtyfrag (CVE-2026-43500) is has status " Needs evaluation".

I am not very familiar with the Ubuntu ecosystem, and I am looking for either a different distro or a mitigation solution for Ubuntu.

different distro

What would be a more up-to-date and hence secure distro? I think there could be two solutions: either upstream updates more aggressively (like Arch's rolling updates), or distros like NixOS/Gentoo where you can build from source and swap out certain packages.

I don't think Arch/NixOS/Gentoo would be a good fit for him as they represent a big time investment.

mitigation

I suppose there are also two ways to mitigate the vulnerability: update the kernel with Ubuntu, or run the temporary command provided by the researchers who found the CVE.

The temporary mitigation commands often don't last over the reboot and requires attention for each CVE, and for this reason I think this solution is not a good fit for him.

How feasible are these options, and which one would you suggest?

Thank you for your help :)