DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability


What’s new: A proof-of-concept (PoC) exploit has been released for CVE-2026-31635, a Linux kernel local privilege escalation vulnerability known as DirtyDecrypt. The vulnerability, discovered by the Zellic and V12 security team, lets unprivileged users escalate privileges through a flaw in the rxgk_decrypt_skb() function, which is missing a copy-on-write (COW) guard. It affects Linux distributions with CONFIG_RXGK enabled, such as Fedora, Arch Linux, and openSUSE Tumbleweed.

Who’s affected

Linux distributions with CONFIG_RXGK enabled are at risk. This includes Fedora, Arch Linux, and openSUSE Tumbleweed. The vulnerability could also impact containerized environments, allowing potential escape from pods.

What to do

  • Review and apply any available patches for CVE-2026-31635 from your Linux distribution.
  • Consider implementing temporary mitigations, such as disabling the CONFIG_RXGK feature if not needed.
  • Monitor for updates regarding the proposed “killswitch” functionality for kernel functions.
  • Stay informed about related vulnerabilities and their patches, including CVE-2026-41651 and CVE-2026-46333.
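
One way to check whether a host's running kernel was built with CONFIG_RXGK, as an added example that is not from the original article or the researchers. The function names and the three config file locations tried are assumptions, and the sample config lines are constructed.

```shell
#!/bin/sh
# Added example: report how CONFIG_RXGK is set in a kernel build config.

# rxgk_state: read kernel config text on stdin and print one of
#   enabled  - CONFIG_RXGK=y (or =m) is present
#   disabled - "# CONFIG_RXGK is not set" is present
#   absent   - the option is not mentioned, so it was not built
rxgk_state() {
    awk '
        /^CONFIG_RXGK=[ym]$/         { s = "enabled" }
        /^# CONFIG_RXGK is not set$/ { s = "disabled" }
        END { print (s ? s : "absent") }
    '
}

# kernel_config: print the running kernel's build config, trying the
# usual locations (assumed; which one exists varies by distribution).
kernel_config() {
    rel=$(uname -r)
    if [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$rel" ]; then
        cat "/boot/config-$rel"
    elif [ -r "/lib/modules/$rel/config" ]; then
        cat "/lib/modules/$rel/config"
    else
        return 1
    fi
}

# check_running_kernel: rxgk_state for this host, or "unknown" when no
# config file is readable (do not treat "unknown" as "not affected").
check_running_kernel() {
    if cfg=$(kernel_config); then
        printf '%s\n' "$cfg" | rxgk_state
    else
        echo unknown
    fi
}

# Constructed sample configs, to show the three outcomes offline.
printf 'CONFIG_AF_RXRPC=m\nCONFIG_RXGK=y\n' | rxgk_state
printf 'CONFIG_AF_RXRPC=m\n# CONFIG_RXGK is not set\n' | rxgk_state
printf 'CONFIG_AF_RXRPC=m\nCONFIG_RXKAD=y\n' | rxgk_state

echo "CONFIG_RXGK on $(uname -r): $(check_running_kernel)"
```

A result of "enabled" means the host falls in the affected group described above and should be prioritized for the distribution's patch.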
