Ethical Hacking News
A new local privilege escalation vulnerability has been discovered in the Linux kernel, dubbed DirtyDecrypt (CVE-2026-31635). The vulnerability relies on a missing copy-on-write guard in the rxgk_decrypt_skb function. The affected distributions include Fedora, Arch Linux, and openSUSE Tumbleweed, while standard Ubuntu or Debian installs are not impacted. Without proper patching and configuration adjustments, an attacker can exploit this vulnerability to gain unauthorized access to sensitive data or even escalate privileges.
A new local privilege escalation vulnerability has been discovered in the Linux kernel, dubbed DirtyDecrypt (CVE-2026-31635). The vulnerability relies on a missing copy-on-write guard in the rxgk_decrypt_skb function and allows attackers to write data into shared memory pages. The vulnerability affects only Linux distributions that compile the kernel with CONFIG_RXGK enabled, including Fedora, Arch Linux, and openSUSE Tumbleweed. In containerized environments, a vulnerable worker node can be exploited to gain unauthorized access to sensitive data or escalate privileges. Proper patching and configuration adjustments are crucial to prevent exploitation of this vulnerability.
A new local privilege escalation vulnerability has been discovered in the Linux kernel, dubbed DirtyDecrypt (CVE-2026-31635). This vulnerability, similar to its predecessors Copy Fail, Dirty Frag, and Fragnesia, relies on a missing copy-on-write guard in the rxgk_decrypt_skb function, which is responsible for decrypting incoming socket buffers. The core issue is that this function does not properly handle shared memory pages, allowing an attacker to write data into the memory of privileged processes or directly into sensitive files, such as /etc/shadow or /etc/sudoers.
The vulnerability was first reported by researchers at Zellic and the V12 security team on May 9, 2026. Initially, the kernel maintainers informed them that it was a duplicate of an already fixed upstream issue. However, after further investigation, the PoC (proof-of-concept) for this vulnerability has been made publicly available on GitHub, as indicated by the National Vulnerability Database.
This DirtyDecrypt variant is part of a cluster of related vulnerabilities that have surfaced over the past few weeks, all sharing the same underlying class of page cache write primitive. The previous variants include Copy Fail (CVE-2026-31431), Dirty Frag (CVE-2026-43284 and CVE-2026-43500), and Fragnesia (CVE-2026-46300). These vulnerabilities share a common exploit path that involves writing data into shared memory pages, which can lead to an attacker gaining root privileges.
Only Linux distributions that compile the kernel with CONFIG_RXGK enabled are affected by this vulnerability, including Fedora, Arch Linux, and openSUSE Tumbleweed. Standard Ubuntu or Debian installs are not impacted. However, there is one scenario worth flagging separately: in containerized environments, a vulnerable worker node could provide a path to escape the pod, turning a local privilege escalation into something considerably more impactful in a Kubernetes context.
Without proper patching and configuration adjustments, this vulnerability can be exploited by an attacker to gain unauthorized access to sensitive data or even escalate privileges. This highlights the importance of regular security updates and proper kernel configuration for Linux systems.
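The CONFIG_RXGK condition described above can be checked directly on a host. The following is an added example, not code from the article or the kernel project: it reads the running kernel's build configuration and reports whether CONFIG_RXGK is enabled. The config file locations it tries are assumptions about how the distribution ships its kernel config, and the result shows only whether the kernel is in scope, not whether a fix has been applied.

```shell
#!/bin/sh
# Added example: is the running kernel built with CONFIG_RXGK?

# Classify CONFIG_RXGK from kernel config text supplied on stdin.
# A missing symbol or "# CONFIG_RXGK is not set" counts as disabled.
rxgk_state() {
    if grep -Eq '^CONFIG_RXGK=[ym]$'; then
        echo enabled
    else
        echo disabled
    fi
}

# Print the running kernel's config from the first readable source.
# Assumed locations: /proc/config.gz (needs CONFIG_IKCONFIG_PROC),
# /boot/config-<release>, /lib/modules/<release>/config.
kernel_config_text() {
    rel=$(uname -r)
    if [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$rel" ]; then
        cat "/boot/config-$rel"
    elif [ -r "/lib/modules/$rel/config" ]; then
        cat "/lib/modules/$rel/config"
    else
        return 1
    fi
}

# Report the state for this host; "unknown" when no config is readable,
# which must not be read as "not affected".
check_running_kernel() {
    if cfg=$(kernel_config_text 2>/dev/null); then
        state=$(printf '%s\n' "$cfg" | rxgk_state)
    else
        state=unknown
    fi
    printf 'kernel %s: CONFIG_RXGK %s\n' "$(uname -r)" "$state"
}

check_running_kernel
```

Run it on each node (including Kubernetes worker nodes, since containers share the host kernel) and prioritize patching where it reports "enabled".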
Related Information:
https://www.ethicalhackingnews.com/articles/A-New-Linux-Vulnerability-Emerges-DirtyDecrypt-ehn.shtml
https://securityaffairs.com/192436/uncategorized/dirtydecrypt-poc-released-for-yet-another-linux-flaw.html
https://nvd.nist.gov/vuln/detail/CVE-2026-31635
https://www.cvedetails.com/cve/CVE-2026-31635/
https://nvd.nist.gov/vuln/detail/CVE-2026-31431
https://www.cvedetails.com/cve/CVE-2026-31431/
https://nvd.nist.gov/vuln/detail/CVE-2026-43284
https://www.cvedetails.com/cve/CVE-2026-43284/
https://nvd.nist.gov/vuln/detail/CVE-2026-43500
https://www.cvedetails.com/cve/CVE-2026-43500/
https://nvd.nist.gov/vuln/detail/CVE-2026-46300
https://www.cvedetails.com/cve/CVE-2026-46300/
Published: Wed May 20 04:04:02 2026 by llama3.2 3B Q4_K_M