DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
Key Points:
- A local privilege escalation (LPE) vulnerability called DirtyDecrypt (CVE-2026-31635), affecting Linux kernels with CONFIG_RXGK enabled, has been publicly disclosed along with proof-of-concept exploit code. A missing copy-on-write guard allows attackers to write to privileged memory.
- DirtyDecrypt impacts distributions like Fedora, Arch Linux, and openSUSE Tumbleweed, and poses risks in containerized environments by enabling potential pod escapes through compromised worker nodes.
- This vulnerability is related to earlier LPE flaws such as Copy Fail, Dirty Frag, and Fragnesia, which exploit kernel page cache write primitives to gain root privileges. Together they make up a series of cryptographic socket interface weaknesses disclosed in recent months.
- In response to multiple recent Linux kernel vulnerabilities, developers are considering an emergency "killswitch" mechanism to disable vulnerable kernel functions at runtime as a temporary mitigation before official patches are available.
- Rocky Linux has introduced an optional security repository aimed at delivering urgent fixes rapidly for severe vulnerabilities when upstream patches are delayed, while maintaining the default stable and upstream-compatible experience for users.
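
Since only kernels built with CONFIG_RXGK are affected, a first exposure check is to read the kernel build config. The script below is an added example, not code from the advisory or the PoC; the function names and the config file locations it searches are assumptions, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: report how CONFIG_RXGK is set in a kernel build config.
# Prints one of: builtin, module, disabled, unknown.

rxgk_state() {
    cfg=$1
    # No readable config means we cannot tell either way.
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case $cfg in
        *.gz) reader="gzip -dc" ;;   # e.g. /proc/config.gz
        *)    reader="cat" ;;
    esac
    # Anchor on the exact option name; tail keeps the pipeline status at 0
    # when grep finds nothing (option absent from the config).
    line=$($reader "$cfg" 2>/dev/null | grep -E '^CONFIG_RXGK=' | tail -n 1)
    case $line in
        CONFIG_RXGK=y) echo builtin ;;
        CONFIG_RXGK=m) echo module ;;
        *)             echo disabled ;;  # "is not set" or not present
    esac
}

# Check the running kernel using common config locations (assumed paths;
# /proc/config.gz only exists when the kernel exports its config).
rxgk_running_kernel() {
    rel=$(uname -r)
    for cfg in "/boot/config-$rel" "/lib/modules/$rel/config" /proc/config.gz; do
        if [ -r "$cfg" ]; then
            rxgk_state "$cfg"
            return 0
        fi
    done
    echo unknown
}

# Constructed sample config (not from a real system) to show the output.
sample=$(mktemp)
printf '%s\n' 'CONFIG_AF_RXRPC=m' 'CONFIG_RXGK=y' > "$sample"
echo "sample config:  $(rxgk_state "$sample")"
rm -f "$sample"
echo "running kernel: $(rxgk_running_kernel)"
```

A result of `builtin` or `module` means the host is in the affected population described above and should be prioritized for patching; `unknown` means no config file was readable and the check has to be done another way.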