CVE-2026-31635 and the DirtyDecrypt PoC
Proof-of-concept exploit code for a recently patched Linux kernel flaw, dubbed DirtyDecrypt (aka DirtyCBC), has been published, and the NIST National Vulnerability Database (NVD) now links that PoC from the CVE record for CVE-2026-31635. The vulnerability carries a CVSS score of 7.5. It was reported to maintainers by the Zellic and V12 security team on May 9, 2026; maintainers told the researchers that it duplicated a defect already patched in mainline, so the fix already exists upstream and the open question for operators is which distribution kernels have picked it up.
"It's a rxgk pagecache write due to missing COW [copy-on-write] guard in rxgk_decrypt_skb," Zellic co-founder Luna Tong (aka cts and gf_256) wrote in a description shared on GitHub.
Technical fault: rxgk_decrypt_skb and a missing COW guard
The specific coding error sits in rxgk_decrypt_skb(), the function that decrypts an incoming sk_buff (socket buffer) on the receive side, Moselwal said. Buffers on that path can carry fragments that reference pages shared with the page cache, and therefore with every process that has the same file mapped or cached. That sharing is an optimization normally protected by copy-on-write (COW): anything that wants to write must first be given a private copy of the page. Because rxgk_decrypt_skb lacks that COW guard, the decrypted bytes are written into the shared page in place, so a local attacker can land controlled data in memory belonging to privileged processes or in the page cache for privileged files such as /etc/shadow, /etc/sudoers, or a SUID binary, which is enough for local privilege escalation.
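One check an incident responder wants after a page-cache write primitive like this has been on a host is whether the cached copy of a sensitive file still matches what is on disk. The program below is an added example, not code from the article, Zellic or V12. It assumes Linux and a filesystem that honours O_DIRECT (ext4, xfs and similar); it also assumes, as with the earlier bugs of this family, that the tampering lives only in the page cache and not on disk, so an ordinary read() and an O_DIRECT read of the same file disagreeing is the signal. Where O_DIRECT is refused, the fallback evicts the clean pages with posix_fadvise(DONTNEED) and re-reads, which also destroys the evidence, so run it against a copy of the host's cache state only if you have nothing better.

```c
/* Added example, not code from the article, Zellic or V12: compare a file's
 * page-cache contents with what is actually stored on disk. In page-cache
 * write bugs of this family the altered bytes sit only in the cached page,
 * not on disk, so a mismatch between an ordinary read() and an O_DIRECT read
 * (which bypasses the cache) is a signal that a file such as /etc/shadow or
 * a SUID binary has been tampered with in memory. Assumptions: Linux, a
 * filesystem that honours O_DIRECT (ext4, xfs ...); if it does not, the
 * fallback evicts the file's clean pages with posix_fadvise(DONTNEED) and
 * re-reads, which also discards the evidence, so prefer the O_DIRECT path. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

#define MAXSZ   (4u << 20)          /* 4 MiB: plenty for /etc/* and small SUID binaries */
#define ALIGN   4096u               /* O_DIRECT wants block-aligned buffers and sizes */
#define ROUNDUP(x) (((x) + ALIGN - 1) & ~(ALIGN - 1))

static ssize_t read_all(int fd, unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t r = read(fd, buf + got, len - got);
        if (r < 0) return -1;
        if (r == 0) break;              /* EOF */
        got += (size_t)r;
    }
    return (ssize_t)got;
}

/* 0 if cache and disk agree, 1 if they differ, -1 on error (or file > MAXSZ).
 * *method reports which bypass was used: "O_DIRECT", "fadvise" or "reread". */
int cache_matches_disk(const char *path, const char **method)
{
    unsigned char *cached = NULL, *direct = NULL;
    int fd = -1, dfd = -1, ret = -1;
    size_t len;
    struct stat st;

    fd = open(path, O_RDONLY);
    if (fd < 0 || fstat(fd, &st) < 0 || st.st_size > (off_t)MAXSZ) goto out;
    len = (size_t)st.st_size;
    if (len == 0) { *method = "empty"; ret = 0; goto out; }

    /* 1. the view every process gets: through the page cache */
    cached = malloc(len);
    if (!cached || read_all(fd, cached, len) != (ssize_t)len) goto out;

    /* 2. the view from the backing store */
    if (posix_memalign((void **)&direct, ALIGN, ROUNDUP(len))) { direct = NULL; goto out; }
    dfd = open(path, O_RDONLY | O_DIRECT);
    if (dfd >= 0) {
        *method = "O_DIRECT";
        if (read_all(dfd, direct, ROUNDUP(len)) < (ssize_t)len) goto out;
    } else {
        /* filesystem refused O_DIRECT: drop clean pages, then read again */
        *method = posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED) == 0 ? "fadvise" : "reread";
        if (lseek(fd, 0, SEEK_SET) < 0 || read_all(fd, direct, len) != (ssize_t)len) goto out;
    }
    ret = memcmp(cached, direct, len) == 0 ? 0 : 1;
out:
    if (fd >= 0) close(fd);
    if (dfd >= 0) close(dfd);
    free(cached);
    free(direct);
    return ret;
}

/* Self-check on a constructed file: nothing has tampered with it, so the two
 * views must agree. Returns what cache_matches_disk returns. */
int cache_check_selftest(void)
{
    const char sample[] = "root:x:0:0:root:/root:/bin/bash\n";   /* constructed line */
    const char *method = "?";
    char tmp[] = "/tmp/pgcache-check-XXXXXX";
    int fd = mkstemp(tmp);
    if (fd < 0) return -1;
    for (int i = 0; i < 200; i++)          /* ~6 KiB, so more than one page is involved */
        if (write(fd, sample, sizeof sample - 1) != (ssize_t)(sizeof sample - 1)) {
            close(fd); unlink(tmp); return -1;
        }
    fsync(fd);
    close(fd);
    int r = cache_matches_disk(tmp, &method);
    unlink(tmp);
    return r;
}

int main(int argc, char **argv)
{
    const char *target = argc > 1 ? argv[1] : "/etc/passwd";
    const char *method = "?";
    int r = cache_matches_disk(target, &method);
    if (r < 0) { perror(target); return 2; }
    printf("%s: page cache %s on-disk contents (checked via %s)\n",
           target, r ? "DIFFERS FROM" : "matches", method);
    return r;
}
```

Run it as root against /etc/shadow, /etc/sudoers and the SUID binaries on the host (`find / -perm -4000 -type f`); a "DIFFERS FROM" result on a file nobody has legitimately written is worth a memory image before anything else touches the page cache.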
Distributions, containers, and the CONFIG_RXGK constraint
DirtyDecrypt affects only kernels built with CONFIG_RXGK enabled; distributions called out as shipping such kernels include Fedora, Arch Linux, and openSUSE Tumbleweed. The advisory notes that, in containerized environments, worker nodes running a vulnerable kernel could provide a pathway to escape the pod: containers share the node's kernel, so an unprivileged process inside a pod reaches the same rxgk code path, and the node's kernel configuration and patch level, not the container image, decide the exposure. That makes it a specific operational concern for clusters whose host kernels include the RXGK feature.
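The first triage step on any fleet is therefore to find out which running kernels have CONFIG_RXGK built in. The program below is an added example, not code from the article, Zellic or V12. It assumes the build config is available at /boot/config-$(uname -r) in the usual "CONFIG_FOO=y" / "# CONFIG_FOO is not set" form (distributions that only expose /proc/config.gz need it zcat'ed to a file first, or pass the path as the first argument), and that rxgk sits under AF_RXRPC, so an attempt to create an AF_RXRPC socket shows whether that socket family is reachable, and autoloadable, from an unprivileged process on the host.

```c
/* Added example, not code from the article, Zellic or V12: triage whether
 * the running kernel was built with the options DirtyDecrypt depends on.
 * Assumptions: the build config sits at /boot/config-$(uname -r) in the
 * usual "CONFIG_FOO=y" / "# CONFIG_FOO is not set" format (on distributions
 * that only ship /proc/config.gz, zcat it to a file first), and that rxgk is
 * part of AF_RXRPC, so a socket(AF_RXRPC, ...) probe shows whether the rxrpc
 * family is reachable, and autoloadable, from an unprivileged process. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/utsname.h>

#ifndef AF_RXRPC
#define AF_RXRPC 33
#endif

enum cfg_state { CFG_ABSENT = 0, CFG_NOT_SET = 1, CFG_Y = 2, CFG_M = 3 };

/* Look up one CONFIG_* symbol in a kernel .config-style file. */
enum cfg_state kconfig_state(const char *path, const char *opt)
{
    char line[512];
    size_t n = strlen(opt);
    enum cfg_state st = CFG_ABSENT;
    FILE *f = fopen(path, "r");
    if (!f)
        return CFG_ABSENT;
    while (fgets(line, sizeof line, f)) {
        line[strcspn(line, "\r\n")] = '\0';
        if (strncmp(line, opt, n) == 0 && line[n] == '=') {          /* CONFIG_X=y|m */
            st = line[n + 1] == 'y' ? CFG_Y : line[n + 1] == 'm' ? CFG_M : CFG_NOT_SET;
            break;
        }
        if (strncmp(line, "# ", 2) == 0 && strncmp(line + 2, opt, n) == 0
            && strcmp(line + 2 + n, " is not set") == 0) {            /* # CONFIG_X is not set */
            st = CFG_NOT_SET;
            break;
        }
    }
    fclose(f);
    return st;
}

/* 1 if an AF_RXRPC socket can be created by this process, 0 otherwise.
 * On a stock kernel the attempt itself may autoload the rxrpc module. */
int rxrpc_reachable(void)
{
    int fd = socket(AF_RXRPC, SOCK_DGRAM, PF_INET);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

/* Self-check against a constructed config snippet (not a real kernel config). */
int kconfig_selftest(void)
{
    char tmp[] = "/tmp/kconfig-selftest-XXXXXX";
    int fd = mkstemp(tmp);
    if (fd < 0)
        return 0;
    FILE *f = fdopen(fd, "w");
    fputs("CONFIG_AF_RXRPC=m\n# CONFIG_RXGK_TEST is not set\nCONFIG_RXGK=y\n", f);
    fclose(f);
    int ok = kconfig_state(tmp, "CONFIG_AF_RXRPC") == CFG_M
          && kconfig_state(tmp, "CONFIG_RXGK") == CFG_Y
          && kconfig_state(tmp, "CONFIG_RXGK_TEST") == CFG_NOT_SET
          && kconfig_state(tmp, "CONFIG_NOPE") == CFG_ABSENT;
    unlink(tmp);
    return ok;
}

static const char *state_str(enum cfg_state s)
{
    return s == CFG_Y ? "y" : s == CFG_M ? "m" : s == CFG_NOT_SET ? "not set" : "absent/unreadable";
}

int main(int argc, char **argv)
{
    char path[256];
    struct utsname u;
    if (argc > 1)
        snprintf(path, sizeof path, "%s", argv[1]);
    else if (uname(&u) == 0)
        snprintf(path, sizeof path, "/boot/config-%s", u.release);
    else
        return 1;
    enum cfg_state rxgk = kconfig_state(path, "CONFIG_RXGK");
    printf("%s\n  CONFIG_AF_RXRPC: %s\n  CONFIG_RXGK:     %s\n", path,
           state_str(kconfig_state(path, "CONFIG_AF_RXRPC")), state_str(rxgk));
    printf("AF_RXRPC socket from uid %u: %s\n", (unsigned)getuid(),
           rxrpc_reachable() ? "yes" : "no");
    if (rxgk == CFG_Y)
        puts("CONFIG_RXGK=y: treat this host as in scope for CVE-2026-31635 until the fix is confirmed");
    return 0;
}
```

A host that reports CONFIG_RXGK=y together with a successful AF_RXRPC socket from an unprivileged uid is one where the vulnerable path is both compiled in and reachable; on a Kubernetes node that combination is what turns the pod-escape note above into a concrete finding.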
Lineage: Copy Fail, Dirty Frag, Fragnesia and related kernel bugs
Zellic assessed DirtyDecrypt as a variant of earlier copy-on-write page-cache write defects: Copy Fail (CVE-2026-31431), Dirty Frag aka Copy Fail 2 (CVE-2026-43284 and CVE-2026-43500), and Fragnesia (CVE-2026-46300). Each of those bugs has been shown to grant root access on vulnerable systems. Copy Fail — an LPE flaw in the AF_ALG cryptographic socket interface — was disclosed by Theori on April 29, 2026, and Dirty Frag followed a week later, expanding the primitives to include two page-cache write techniques. Fragnesia targets the XFRM ESP-in-TCP subsystem but produces the same result: the ability for an unprivileged local user to modify read-only file contents in the kernel page cache and escalate to root.
Disclosure dynamics: embargoes, a merged patch, and public PoCs
Recent disclosures were complicated by an embargo that broke. Security researcher Hyunwoo Kim moved to public disclosure after the agreed embargo window ended prematurely: the patch for CVE-2026-43284 was merged into a public tree on May 5, and another researcher, using the online aliases 0xdeadbeefnetwork and afflicted.sh, inspected the commit and published exploit details ahead of the coordinated date. That researcher described the work as "n-day weaponization from a public upstream commit, which is standard practice once a security-relevant fix lands in a public tree," and said they had "built a PoC" after recognizing "the xfrm ESP-in-UDP MSG_SPLICE_PAGES no-COW path against shared pipe pages as an LPE primitive."
Kernel killswitch proposal and Rocky Linux's rapid-fix repository
The flurry of privilege-escalation disclosures has prompted kernel developers to consider emergency mitigations. Sasha Levin submitted a proposal for a "killswitch" that would let a privileged operator make a chosen kernel function return a fixed value without executing its body; as Levin wrote, the function would "return the operator-supplied value and nothing else runs in its place," and "once engaged, the change is in effect on every CPU until ``disengage`` is written or the system reboots." Separately, Rocky Linux launched an optional security repository intended to ship urgent fixes quickly in narrow cases where "a significant vulnerability is public, exploit code exists, and upstream patches are not available yet." Rocky emphasized the repository is disabled by default and that upstream releases will eventually supersede any distribution-level patches.
What this means for technologists, container operators, and distribution maintainers
- Technologists and security teams: identify which kernel builds have CONFIG_RXGK enabled and assess their exposure to CVE-2026-31635; the public PoC and the NVD link mean exploit code is discoverable by anyone reading the CVE record.
- Container operators and cloud providers: worker nodes running vulnerable kernels could permit pod escapes, so node kernel configuration and patch status are immediate operational controls to review; the container image does not matter, the host kernel does.
- Distribution maintainers and operators of long-lived servers: choices now include applying upstream fixes, enabling distribution-level rapid patches like Rocky Linux's optional repository, or, if the killswitch proposal is merged, using it as a runtime mitigation while formal fixes are coordinated.
The publication of the DirtyDecrypt PoC, coupled with the linked NVD record and a string of related kernel flaws, has converted theoretical page-cache primitives into publicly visible exploit artifacts. Kernel developers are debating emergency mitigations while at least one distribution offers an opt-in fast lane for fixes. The practical questions left for administrators are concrete and immediate: which kernels have CONFIG_RXGK enabled, where those kernels run, and which short-term mitigations to accept while a permanent upstream fix is deployed.
Original story: https://thehackernews.com/2026/05/dirtydecrypt-poc-released-for-linux.html