Copy Fail, CrackArmor, and Dirty Frag: Why Ginzinger Systems Are Secure


Several critical security vulnerabilities in the Linux kernel are currently causing sleepless nights in the embedded Linux world. In particular, the “Copy Fail” vulnerability (CVE-2026-31431), as well as “CrackArmor” (CVE-2026-23268 / CVE-2026-23269) and “Dirty Frag” (CVE-2026-43284), demonstrate once again how important a well-designed security architecture is for industrial devices.


These vulnerabilities are particularly critical because they can allow local, otherwise restricted users to bypass security mechanisms, gain root privileges, and thereby completely compromise systems.

For many companies, the key question right now is: Are our systems affected? Critical kernel vulnerabilities mean additional analysis work, rapid risk assessments, and—not infrequently—overtime for the development teams responsible.

Ginzinger Systems is not affected

The good news for Ginzinger’s project partners: The GELin (Ginzinger Embedded Linux) systems currently in use, running Linux kernels v5.4 and v5.10, are not affected by the vulnerabilities mentioned.
This is due to the company’s consistent focus on customized embedded Linux solutions. When developing the Linux kernel, Ginzinger deliberately ensures that only those functions and components actually required for the respective customer application are integrated.
Unnecessary functions or kernel modules are consistently disabled or removed. This results in a deliberately lean kernel with a significantly reduced attack surface.

Many current vulnerabilities affect functions or kernel features that are not enabled at all in GELin systems and therefore pose no risk.

This approach offers several advantages:

  • smaller attack surface
  • fewer potential vulnerabilities
  • easier maintenance throughout the product lifecycle
  • better overview of the components used

In other words: Less complexity often means greater security.

Security starts with the architecture

Many general-purpose Linux distributions are deliberately designed to be comprehensive in order to cover as many use cases as possible. In an industrial setting, however, this very complexity can become a risk. 
A lean and optimized embedded system not only reduces resource consumption but also makes security assessment significantly easier. Critical security alerts can be analyzed in a targeted manner because it is clear which components and kernel functions are actually being used.
Technical classification is also important here: If the issue is a vulnerability in the Linux kernel, a corresponding kernel update is also required in the event of an emergency. A RootFS update alone would not be sufficient for this.
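
The targeted analysis described above can be scripted against the kernel's build configuration. The following is an added example, not Ginzinger's tooling: the sample .config, the advisory identifiers and the CONFIG_EXAMPLE_* symbols are constructed placeholders, and the symbols that actually gate an advisory must be taken from the upstream fix or the vendor notice.

```python
import re

# Constructed sample of a lean kernel .config (not a real GELin configuration).
SAMPLE_CONFIG = """\
CONFIG_NET=y
CONFIG_EXAMPLE_DRIVER=m
# CONFIG_EXAMPLE_FEATURE_A is not set
CONFIG_EXAMPLE_FEATURE_B=y
"""

# Hypothetical advisory map: placeholder IDs, each listing the symbols that
# must ALL be enabled for the vulnerable code to be compiled at all.
ADVISORIES = {
    "ADVISORY-PLACEHOLDER-1": ["CONFIG_EXAMPLE_FEATURE_A"],
    "ADVISORY-PLACEHOLDER-2": ["CONFIG_EXAMPLE_FEATURE_B", "CONFIG_EXAMPLE_DRIVER"],
    "ADVISORY-PLACEHOLDER-3": ["CONFIG_NET"],
    "ADVISORY-PLACEHOLDER-4": ["CONFIG_EXAMPLE_FEATURE_C"],
}

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_kconfig(text):
    """Map each symbol to its value; explicitly disabled symbols map to 'n'."""
    symbols = {}
    for line in text.splitlines():
        line = line.strip()
        if m := _SET.match(line):
            symbols[m.group(1)] = m.group(2).strip('"')
        elif m := _UNSET.match(line):
            symbols[m.group(1)] = "n"
    return symbols

def triage(symbols, advisories):
    """Classify each advisory by whether its code is present in this kernel."""
    result = {}
    for advisory, required in advisories.items():
        # A symbol absent from .config is not enabled, so it counts as 'n'.
        states = [symbols.get(sym, "n") for sym in required]
        if "n" in states:
            result[advisory] = "not built"
        elif "m" in states:
            # Shipped as a module: also check the RootFS and module autoloading.
            result[advisory] = "built as module"
        else:
            result[advisory] = "built in"
    return result

if __name__ == "__main__":
    for advisory, verdict in triage(parse_kconfig(SAMPLE_CONFIG), ADVISORIES).items():
        print(f"{advisory}: {verdict}")
```

On a running target the same input is usually available from /proc/config.gz (when the kernel was built with CONFIG_IKCONFIG_PROC) or from the .config archived with the build.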

Security by design is becoming increasingly important

With new regulatory requirements such as the Cyber Resilience Act (CRA), cybersecurity is coming even more into focus. In the future, manufacturers will have to demonstrate that their products are developed securely and can be maintained over the long term. This is precisely where custom-tailored embedded Linux platforms show their strengths:

  • reduced complexity
  • better control over the components used
  • lower maintenance costs
  • greater long-term security

Security begins with the system architecture (Security by Design) and not just with updates.

We make your systems secure!