PoC DirtyDecrypt: Linux Kernel LPE CVE-2026-31635

Colleagues, a heads-up in cybersecurity: a PoC for DirtyDecrypt (CVE-2026-31635) has been published, enabling local privilege escalation.
Briefly:
- Cause: lack of COW protection in rxgk_decrypt_skb — allows writes to process memory/page cache.
- Affects kernels built with CONFIG_RXGK (Fedora, Arch, openSUSE Tumbleweed); container escapes are possible.
- Variant of Copy Fail/Dirty Frag/Fragnesia; PoC available, CVSS ≈ 7.5.
- Temporary mitigations (killswitch) and accelerated repos (Rocky Linux) are being discussed.
Why it matters: the exploit yields a path to root — urgent checks and patching required.
How do you plan to protect your hosts?
#cybersecurity #Linux #CVE #security


Latest comments
No comments yet.