There's apparently another Linux LPE
-
There's apparently another Linux LPE.
DirtyDecrypt, also known as DirtyCBC, is a variant of CopyFail / DirtyFrag / Fragnesia.
I suspect it may be CVE-2026-31635.I have not been able to get it to actually work on any Linux distro that I've tried.
-
M mttaggart@infosec.exchange shared this topic
-
There's apparently another Linux LPE.
DirtyDecrypt, also known as DirtyCBC, is a variant of CopyFail / DirtyFrag / Fragnesia.
I suspect it may be CVE-2026-31635.I have not been able to get it to actually work on any Linux distro that I've tried.
@wdormann Confirmed same experience on recent distros.
Apparently the trick is it needs CONFIG_RXGK compiled in, which most distros don't ship.
Kernel 6.8 on Ubuntu 24.04? Nothing.But on mainline kernel 7.0.0 it works (slow but solid):
96/96 bytes
whoami → root 
-
There's apparently another Linux LPE.
DirtyDecrypt, also known as DirtyCBC, is a variant of CopyFail / DirtyFrag / Fragnesia.
I suspect it may be CVE-2026-31635.I have not been able to get it to actually work on any Linux distro that I've tried.
Apparently exploitation requires
CONFIG_RXGK, which most distros don't shipExcept for Fedora.
Or another distro that is running the mainline Linux kernel.
-
There's apparently another Linux LPE.
DirtyDecrypt, also known as DirtyCBC, is a variant of CopyFail / DirtyFrag / Fragnesia.
I suspect it may be CVE-2026-31635.I have not been able to get it to actually work on any Linux distro that I've tried.
@wdormann And there I was, hoping for a relaxed week
-
Apparently exploitation requires
CONFIG_RXGK, which most distros don't shipExcept for Fedora.
Or another distro that is running the mainline Linux kernel.Also, the Dirty frag mitigation protects against this variant as well:
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; echo 3 > /proc/sys/vm/drop_caches; true"
-
R relay@relay.infosec.exchange shared this topic
