Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)
Vulnerability
Summary
Hide ▲
Show ▼
A proof-of-concept exploit has been released for DirtyDecrypt/DirtyCBC (CVE-2026-31635), a recently patched Linux kernel flaw in rxgk_decrypt_skb() that can enable local privilege escalation and reach root privileges. The issue is tied to a missing copy-on-write guard and affects systems with CONFIG_RXGK enabled, including Fedora, Arch Linux, and openSUSE Tumbleweed; the article says the same bug was discovered by the V12 security team on May 9, 2026 and was treated by maintainers as a duplicate of a mainline fix. The reported exploit path can overwrite privileged memory or page-cache data, making the flaw especially relevant where unprivileged attackers can target sensitive files or kernel-owned data.
Related Happenings
Linux kernel improper privilege management flaw (CVE-2026-46333)
Vulnerability
First: 21.05.2026 10:35
Last: 21.05.2026 10:35
Sources 1
About this happening:
A **Linux kernel** privilege-management flaw, **CVE-2026-46333**, can let **unprivileged local users** on **Debian, Fedora, and Ubuntu** disclose **/etc/shadow** and **SSH host ke...
Linux kernel improper privilege management flaw (CVE-2026-46333)
VulnerabilityAbout this happening: A **Linux kernel** privilege-management flaw, **CVE-2026-46333**, can let **unprivileged local users** on **Debian, Fedora, and Ubuntu** disclose **/etc/shadow** and **SSH host ke...
Linux kernel RDS PinTheft local privilege escalation flaw (public PoC)
Vulnerability
First: 20.05.2026 13:52
Last: 20.05.2026 13:52
Sources 1
About this happening:
**PinTheft** now has a **public PoC exploit**, turning a recently patched **Linux kernel RDS** flaw into a practical **local privilege escalation** risk for **Arch Linux** systems...
Linux kernel RDS PinTheft local privilege escalation flaw (public PoC)
VulnerabilityAbout this happening: **PinTheft** now has a **public PoC exploit**, turning a recently patched **Linux kernel RDS** flaw into a practical **local privilege escalation** risk for **Arch Linux** systems...
Berz0k advertises zero-day Linux LPE exploit for sale
Threat Actor Meta
First: 14.05.2026 10:06
Last: 14.05.2026 10:06
Sources 1
About this happening:
**berz0k** is advertising a **zero-day Linux LPE exploit** for **$170,000** on **cybercrime forums**, signaling active monetization of root-level access in the exploit market. The...
Berz0k advertises zero-day Linux LPE exploit for sale
Threat Actor MetaAbout this happening: **berz0k** is advertising a **zero-day Linux LPE exploit** for **$170,000** on **cybercrime forums**, signaling active monetization of root-level access in the exploit market. The...
Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)
Vulnerability
First: 14.05.2026 10:06
Last: 14.05.2026 10:06
Sources 1
About this happening:
**Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...
Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)
VulnerabilityAbout this happening: **Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...
Latest development: 14.05.2026 16:00
Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.
Linux kernel Dirty Frag and Copy Fail 2 privilege escalation (multiple vulnerabilities)
Vulnerability
First: 11.05.2026 11:15
Last: 11.05.2026 11:15
Sources 1
About this happening:
A newly disclosed **Linux kernel** local privilege-escalation flaw, **Dirty Frag and Copy Fail 2**, can let an unprivileged user reach **root** on affected systems. The bug chains...
Linux kernel Dirty Frag and Copy Fail 2 privilege escalation (multiple vulnerabilities)
VulnerabilityAbout this happening: A newly disclosed **Linux kernel** local privilege-escalation flaw, **Dirty Frag and Copy Fail 2**, can let an unprivileged user reach **root** on affected systems. The bug chains...
Timeline
-
18.05.2026 10:18 1 articles · 9d ago
Linux kernel fix for CVE-2026-31635
Mitigation Patch UpdateA Linux kernel privilege-escalation flaw matching CVE-2026-31635 details was patched on April 25, 2026.
Show sources
- Exploit available for new DirtyDecrypt Linux root escalation flaw — www.bleepingcomputer.com — 18.05.2026 10:18
-
18.05.2026 10:18 1 articles · 9d ago
V12 reports DirtyDecrypt/DirtyCBC duplicate
Initial DisclosureThe V12 security team found and reported DirtyDecrypt/DirtyCBC on May 9, 2026, and Linux kernel maintainers said it was a duplicate of a bug already patched in mainline.
Show sources
- Exploit available for new DirtyDecrypt Linux root escalation flaw — www.bleepingcomputer.com — 18.05.2026 10:18
-
18.05.2026 10:18 3 articles · 9d ago
Proof-of-concept exploit enables root access
Technical Analysis UpdateA proof-of-concept exploit for DirtyDecrypt/DirtyCBC can gain root access on some Linux systems running CONFIG_RXGK, with the attack surface limited to upstream-tracking distributions such as Fedora, Arch Linux, and openSUSE Tumbleweed; affected users are urged to install the latest kernel updates or use the temporary mitigation that disables esp4, esp6, and rxrpc.
Show sources
- Exploit available for new DirtyDecrypt Linux root escalation flaw — www.bleepingcomputer.com — 18.05.2026 10:18
- Exploit available for new DirtyDecrypt Linux root escalation flaw — www.bleepingcomputer.com — 18.05.2026 10:18
- DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability — thehackernews.com — 19.05.2026 17:56