Copy Fail 2 / Dirty Frag
May 12, 2026. After CVE-2026-31431 mitigations land, one CI worker still shows odd text section mappings. You prove whether fragments of poisoned pages remain mapped in shared address spaces.
Briefing
This is a deliberately fictional Copy Fail 2 follow-up. A CI worker still shows dirty page-cache symptoms after mitigation. You do not run kernel tricks; you trace the artifact chain defenders would use to decide whether to evict and rebuild.
Your role
Forensic engineer validating reboot completeness post Copy Fail response.
Objective
Validate the simulated Copy Fail 2 chain: AF_ALG use, duplicate mappings, surviving CI jobs, reboot evidence, and image rebuild.
Terminal environment
- user
- responder
- host
- ci-node-east
- cwd
- /home/forensics/ci-node-east
- steps
- 8
Safety note. This is a safe reconstruction. All systems, files, hosts, credentials, and outputs are simulated. Do not use these techniques on systems you do not own or have explicit permission to test.