DirtyDecrypt: New Linux Kernel Vulnerability Grants Root Access via RxGK Subsystem
A new Linux kernel vulnerability known as DirtyDecrypt (CVE-2026-31635) allows local attackers to gain root privileges by exploiting a missing copy-on-write guard in the RxGK subsystem. The flaw primarily affects bleeding-edge distributions like Fedora and Arch Linux, and a public exploit is now available.
**If you're running Linux systems with kernels compiled with `CONFIG_RXGK` enabled (mainly Fedora, Arch, or openSUSE Tumbleweed), update your kernel ASAP, since a working exploit is publicly available. If you can't patch, apply the temporary `modprobe` workaround to disable the vulnerable RxRPC and ESP modules, but test it first as it will break IPsec VPNs and AFS file systems.**
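A quick exposure check for the two conditions named above, as an added example (not part of the original advisory): it reads a kernel config for `CONFIG_RXGK` and a `/proc/modules`-style listing for the affected modules. The module names `rxrpc`, `esp4` and `esp6` are assumed to be what the advisory means by "RxRPC and ESP modules", and the sample input is constructed.

```shell
#!/bin/sh
# Added example: checks a host against the two conditions in the advisory.
# Live use: rxgk_state "/boot/config-$(uname -r)"   (or /proc/config.gz)
#           loaded_advisory_modules /proc/modules

# Print "enabled" if the config sets CONFIG_RXGK=y (or =m), "disabled" if it
# does not, "unknown" if the file cannot be read. Handles gzip'd configs.
rxgk_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unknown"; return 0; }
    case $cfg in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    if $reader "$cfg" | grep -Eq '^CONFIG_RXGK=[ym]$'; then
        echo "enabled"
    else
        echo "disabled"
    fi
}

# Print, sorted and space-separated, which of the modules (assumed names:
# rxrpc, esp4, esp6) appear in a /proc/modules-formatted file.
loaded_advisory_modules() {
    awk '$1 == "rxrpc" || $1 == "esp4" || $1 == "esp6" { print $1 }' "$1" \
        | sort | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample input so the script runs offline.
sample_cfg=$(mktemp)
sample_mods=$(mktemp)
cat > "$sample_cfg" <<'EOF'
CONFIG_AF_RXRPC=m
CONFIG_RXKAD=y
CONFIG_RXGK=y
EOF
cat > "$sample_mods" <<'EOF'
rxrpc 430080 1 kafs, Live 0x0000000000000000
esp4 28672 0 - Live 0x0000000000000000
ext4 1101824 2 - Live 0x0000000000000000
EOF
echo "CONFIG_RXGK: $(rxgk_state "$sample_cfg")"
echo "advisory modules loaded: $(loaded_advisory_modules "$sample_mods")"
rm -f "$sample_cfg" "$sample_mods"
```

A result of `unknown` means the config file was not readable at that path; some distributions expose it only as `/proc/config.gz` or not at all.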
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/dirtydecrypt-new-linux-kernel-vulnerability-grants-root-access-via-rxgk-subsystem-e-8-v-c-6/gD2P6Ple2L