PoC for Linux Kernel CVE-2026-31635 Grants Root Access on Fedora, Arch and openSUSE
Updated · The Hacker News · May 20
PoC exploit code is now public for CVE-2026-31635, a patched Linux kernel flaw with a 7.5 CVSS score that enables local privilege escalation on systems with CONFIG_RXGK enabled.
The bug stems from a missing copy-on-write guard in rxgk_decrypt_skb(), letting attackers overwrite memory or page-cache data tied to privileged processes and files such as /etc/shadow, /etc/sudoers or SUID binaries.
Fedora, Arch Linux and openSUSE Tumbleweed are among affected distributions, and vulnerable worker nodes in containerized setups could provide a route for pod escape.
DirtyDecrypt is the latest in a string of Linux LPE variants after Copy Fail, Dirty Frag and Fragnesia, all exploiting page-cache write paths to gain root.
That run of disclosures has pushed kernel developers to weigh an emergency runtime 'killswitch,' while Rocky Linux launched an optional security repository for faster out-of-band fixes.
DirtyDecrypt (CVE-2026-31635): Urgent Linux Kernel Vulnerability Exposes Millions to Root Exploit—Patch Now
Overview
DirtyDecrypt (CVE-2026-31635) is a newly disclosed Linux kernel vulnerability that allows attackers with limited access to gain full root control. The risk is urgent because a public proof-of-concept exploit is available, making widespread attacks likely. DirtyDecrypt is related to other recent kernel bugs and affects popular Linux distributions with the CONFIG_RXGK feature enabled, including Fedora and Arch Linux. The threat also extends to containerized environments, where attackers could escape pods and compromise host systems. Immediate patching is critical, as the ease of exploiting this flaw creates a dangerous window for system compromise.
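Since exposure depends on the kernel being built with CONFIG_RXGK, a triage check can read that symbol from the kernel config of a host or an offline image. This is an added example, not code from the article or the kernel project; the function names and the three config locations it searches are assumptions.

```bash
#!/usr/bin/env bash
# Added example: classify CONFIG_RXGK in a kernel config (plain or gzip).
# Prints builtin | module | disabled | absent | unknown.
rxgk_state() {
    local cfg="$1" reader=cat line
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case "$cfg" in *.gz) reader="gzip -dc" ;; esac
    line=$($reader "$cfg" 2>/dev/null |
        grep -E '^(CONFIG_RXGK=|# CONFIG_RXGK is not set)' | tail -n 1)
    case "$line" in
        CONFIG_RXGK=y) echo builtin ;;
        CONFIG_RXGK=m) echo module ;;
        "# CONFIG_RXGK is not set") echo disabled ;;
        "") echo absent ;;      # symbol not in this config at all
        *) echo unknown ;;
    esac
}

# Locate a kernel's config. Assumed locations (not from the article):
# /proc/config.gz, /boot/config-<release>, /lib/modules/<release>/config.
# $1 = release (default: uname -r), $2 = alternate root, for offline images.
find_kernel_config() {
    local rel="${1:-$(uname -r)}" root="${2:-}" c
    for c in "$root/proc/config.gz" "$root/boot/config-$rel" \
             "$root/lib/modules/$rel/config"; do
        if [ -r "$c" ]; then echo "$c"; return 0; fi
    done
    return 1
}

# Exit status: 0 = RXGK not built, 1 = RXGK built (confirm the vendor fix is
# installed), 2 = could not determine. Says nothing about patch level.
rxgk_report() {
    local cfg state
    cfg=$(find_kernel_config "$@") || { echo "no kernel config found"; return 2; }
    state=$(rxgk_state "$cfg")
    echo "$cfg: CONFIG_RXGK $state"
    case "$state" in
        builtin|module) return 1 ;;
        disabled|absent) return 0 ;;
        *) return 2 ;;
    esac
}

if [ "${1:-}" = "--report" ]; then shift; rxgk_report "$@"; exit $?; fi
```

Run it with `--report` on a host, or pass a release string and a mounted image root as further arguments. A status of 1 only means the precondition named above is met, so the installed kernel package still has to be compared against the distribution's advisory.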