MOXA has issued a critical security advisory (MPSA-263140) concerning vulnerabilities in its Linux-based operating systems that allow local attackers to gain root privileges. The weaknesses are identified as 'Copy Fail' (CVE-2026-31431) and 'Dirty Frag' (CVE-2026-43284, CVE-2026-43500). The advisory underscores the risks in non-containerized environments where attackers can easily elevate their privileges.
For containerized systems, these vulnerabilities pose significant threats as they may lead to host system compromises. Moxa recommends immediate mitigation actions, including disabling the `rxrpc` networking module, and provides a detailed remediation strategy for affected users to enhance their security while permanent patching is prepared.