Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)
Vulnerability
Summary
Hide ▲
Show ▼
A proof-of-concept exploit has been released for DirtyDecrypt/DirtyCBC (CVE-2026-31635), a recently patched Linux kernel flaw in rxgk_decrypt_skb() that can enable local privilege escalation and reach root privileges. The issue is tied to a missing copy-on-write guard and affects systems with CONFIG_RXGK enabled, including Fedora, Arch Linux, and openSUSE Tumbleweed; the article says the same bug was discovered by the V12 security team on May 9, 2026 and was treated by maintainers as a duplicate of a mainline fix. The reported exploit path can overwrite privileged memory or page-cache data, making the flaw especially relevant where unprivileged attackers can target sensitive files or kernel-owned data.
Related Happenings
Linux kernel GhostLock root privilege escalation (CVE-2026-43499)
Vulnerability
H score28
First: 08.07.2026 09:16
Last: 08.07.2026 09:16
Sources 1
About this happening:
Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...
Linux kernel GhostLock root privilege escalation (CVE-2026-43499)
VulnerabilityAbout this happening: Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...
Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)
Vulnerability
H score23
First: 03.07.2026 22:40
Last: 03.07.2026 22:40
Sources 1
About this happening:
**Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...
Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)
VulnerabilityAbout this happening: **Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
Vulnerability
H score29
First: 26.06.2026 14:51
Last: 26.06.2026 14:51
Sources 1
About this happening:
**CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
VulnerabilityAbout this happening: **CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/Mitigation
H score38
First: 16.06.2026 08:41
Last: 16.06.2026 08:41
Sources 1
About this happening:
CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/MitigationAbout this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
Linux kernel CIFS subsystem CIFSwitch local privilege escalation privilege-escalation flaw
Vulnerability
H score31
First: 30.05.2026 17:16
Last: 30.05.2026 17:16
Sources 1
About this happening:
The **Linux kernel CIFS subsystem** has a disclosed **CIFSwitch** local privilege-escalation flaw that can let an **unprivileged local attacker** reach **root privileges** by abus...
Linux kernel CIFS subsystem CIFSwitch local privilege escalation privilege-escalation flaw
VulnerabilityAbout this happening: The **Linux kernel CIFS subsystem** has a disclosed **CIFSwitch** local privilege-escalation flaw that can let an **unprivileged local attacker** reach **root privileges** by abus...
Latest development: 01.06.2026 14:19
Major Linux distributions rolled out fixes for the CIFSwitch Linux kernel CIFS privilege-escalation flaw, and Manizada published PoC code to help defenders validate patches, mitigations, detections, and exposure. Linux Mint, CentOS, Rocky Linux, Kali Linux, AlmaLinux, and SLES SAP systems that ship cifs-utils by default are vulnerable, and some distros are vulnerable only if cifs-utils was manually installed.
Timeline
-
18.05.2026 10:18 1 articles · 1mo ago
Linux kernel fix for CVE-2026-31635
Mitigation Patch UpdateA Linux kernel privilege-escalation flaw matching CVE-2026-31635 details was patched on April 25, 2026.
Show sources
- Exploit available for new DirtyDecrypt Linux root escalation flaw — www.bleepingcomputer.com — 18.05.2026 10:18
-
18.05.2026 10:18 1 articles · 1mo ago
V12 reports DirtyDecrypt/DirtyCBC duplicate
Initial DisclosureThe V12 security team found and reported DirtyDecrypt/DirtyCBC on May 9, 2026, and Linux kernel maintainers said it was a duplicate of a bug already patched in mainline.
Show sources
- Exploit available for new DirtyDecrypt Linux root escalation flaw — www.bleepingcomputer.com — 18.05.2026 10:18
-
18.05.2026 10:18 3 articles · 1mo ago
Proof-of-concept exploit enables root access
Technical Analysis UpdateA proof-of-concept exploit for DirtyDecrypt/DirtyCBC can gain root access on some Linux systems running CONFIG_RXGK, with the attack surface limited to upstream-tracking distributions such as Fedora, Arch Linux, and openSUSE Tumbleweed; affected users are urged to install the latest kernel updates or use the temporary mitigation that disables esp4, esp6, and rxrpc.
Show sources
- Exploit available for new DirtyDecrypt Linux root escalation flaw — www.bleepingcomputer.com — 18.05.2026 10:18
- Exploit available for new DirtyDecrypt Linux root escalation flaw — www.bleepingcomputer.com — 18.05.2026 10:18
- DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability — thehackernews.com — 19.05.2026 17:56