Proof-of-concept (PoC) code has been released for a significant Linux kernel vulnerability dubbed DirtyDecrypt, which allows local attackers to elevate their privileges to root. The flaw was first identified by the V12 security team earlier this month, after patches had been applied in April.
DirtyDecrypt, also known as DirtyCBC, stems from a missing copy-on-write (COW) guard in the rxgk_decrypt_skb component of the RxGK subsystem. RxGK is a security class designed for the RxRPC network protocol as used by the Andrew File System (AFS) and OpenAFS. Without the necessary COW guard, oversized response authenticators are permitted, which could result in data being improperly written to the memory of privileged processes or to the page cache of sensitive files, including set-user-ID (SUID) binaries.
Although the V12 team has not provided a Common Vulnerabilities and Exposures (CVE) identifier for this security defect, industry experts suggest that it could relate to CVE-2026-31635, which has a CVSS score of 7.5. That vulnerability was disclosed on April 24, at the same time that patches were released for various Linux kernel builds.
The DirtyDecrypt vulnerability particularly impacts Linux distributions that ship kernels with CONFIG_RXGK compiled and enabled, which includes Arch Linux, Fedora, and openSUSE. On container platforms, any worker node running a vulnerable version can give attackers the opportunity to escape from the pod, widening the attack surface.
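A defender-side check for the exposure condition described above (a kernel built with CONFIG_RXGK), added here as an example and not taken from the article or from V12. The function names, the config file locations searched, and the use of the rxrpc module name are assumptions; an "enabled" result means the build is in scope and the patch level still has to be confirmed with the distribution.

```shell
#!/bin/sh
# Added example (not from the article): report whether the running kernel was
# built with CONFIG_RXGK. Function names and search paths are assumptions.

# Print a kernel build config, whether plain text or gzip-compressed.
read_kconfig() {
    case "$1" in
        *.gz) gzip -dc <"$1" ;;
        *)    cat <"$1" ;;
    esac
}

# Echo enabled | disabled | absent | unknown for CONFIG_RXGK in config file $1.
# "absent" means the symbol does not appear in the config at all.
rxgk_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    read_kconfig "$1" | awk '
        /^CONFIG_RXGK=[ym]$/         { s = "enabled" }
        /^# CONFIG_RXGK is not set$/ { s = "disabled" }
        END { print (s == "" ? "absent" : s) }'
}

# Succeed if the rxrpc module is listed in a /proc/modules-format file.
# A built-in rxrpc (not a module) never appears there, so "not loaded"
# is weaker evidence than "CONFIG_RXGK disabled".
rxrpc_loaded() {
    awk '$1 == "rxrpc" { found = 1 } END { exit !found }' "${1:-/proc/modules}"
}

# Locate the running kernel's config in the usual distribution locations.
find_running_kconfig() {
    rel=$(uname -r)
    for f in /proc/config.gz "/boot/config-$rel" "/lib/modules/$rel/config"; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

rxgk_report() {
    cfg=$(find_running_kconfig) || { echo "kernel config not found"; return 2; }
    state=$(rxgk_state "$cfg")
    if rxrpc_loaded 2>/dev/null; then mod="loaded"; else mod="not loaded"; fi
    echo "kernel $(uname -r): CONFIG_RXGK $state ($cfg), rxrpc module $mod"
    [ "$state" != "enabled" ] || echo "in-scope build: confirm the patched kernel is installed and booted"
}

if [ "${1:-}" = "--report" ]; then rxgk_report; fi
```

Run it with `--report` on each host or worker node; on container platforms the result describes the node's kernel, which every pod on that node shares.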
This flaw is viewed as a variant of previously reported vulnerabilities, such as Copy Fail, Dirty Frag, and Fragnesia, all of which also lead to root access on compromised systems. Recently disclosed as CVE-2026-46300, Fragnesia affects the XFRM ESP-in-TCP subsystem and enables attackers to overwrite critical system files. Similarly, the Dirty Frag exploit chains two vulnerabilities that permit root privilege escalation via the RxRPC component.
The long-term implications of vulnerabilities like DirtyDecrypt, Copy Fail, and others illustrate an urgent need for enhanced security measures within Linux kernel infrastructures to protect against escalating threats.
Together, these incidents highlight critical vulnerabilities in Linux security that require prompt attention and remediation.