—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Privilege Escalation Vulnerability in Linux Kernel

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Linux Kernel systems with RXGK support enabled (CONFIG_RXGK)

Linux systems using vulnerable RXRPC/RXGK functionality

Systems running affected Linux kernel implementations incorporating the vulnerable rxgk_decrypt_skb() functionality

Overview

A vulnerability commonly referred to as ‘DirtyDecrypt’ has been reported in the Linux Kernel that could allow a local authenticated attacker to escalate privileges and gain root access on the targeted system.

Target Audience:

All organizations and individuals running affected versions of Linux Kernel.

Risk Assessment:

High risk of local privilege escalation and unauthorized access to sensitive kernel memory.

Impact Assessment:

Potential for privilege escalation, unauthorized modification of protected files, system compromise and disruption of affected systems.

Description

The Linux kernel is the core component of many operating systems, responsible for managing hardware resources and providing essential system services and memory management functionality.

This vulnerability commonly referred to as ‘DirtyDecrypt’ exists in the Linux Kernel RXGK decryption handling functionality due to improper handling of memory operations within the rxgk_decrypt_skb() function. An attacker with local access could exploit this flaw to manipulate kernel page cache contents and potentially modify protected file data.

Successful exploitation of this vulnerability could allow a local attacker to gain elevated privileges and obtain root access on the affected system.

Solution

Apply appropriate security updates and kernel patches provided by Linux distribution vendors and upstream maintainers.

Users are advised to monitor and apply updates from: Linux Kernel Organization

Ubuntu Security Notices

Red Hat Security Advisories

SUSE Security Advisories

Debian Security Tracker

Vendor Information

 

Linux Kernel Organization

Ubuntu Security Notices

Red Hat Security Advisories

SUSE Security Advisories

Debian Security Tracker

References

 

https://www.securityweek.com/poc-released-for-dirtydecrypt-linux-kernel-vulnerability/

http://bleepingcomputer.com/news/security/exploit-available-for-new-dirtydecrypt-linux-root-escalation-flaw/

https://access.redhat.com/security/cve/cve-2026-31635

https://thehackernews.com/2026/05/dirtydecrypt-poc-released-for-linux.html

CVE Name

CVE-2026-31635

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmoUXQ4ACgkQ3jCgcSdc

ys83AxAAn8Bgdy2V2Rf2KTkIC2JU6hGtPqaCzLgjh1OmpOkPiHVpeXWJMlpKO+nG

kZWmZrr9hhL7mfl3vBJl+LkjpWmWqJ5Kr0o2bvHQHO4aQAt4fBICPmvII8EriGA6

7lxxftCKgfmoDpvMUn/FmFt032rwTGcqEoJ+j6ioxFiG0cATx6IDK6FBMSVB/9gq

tBTmohXC9uO/jd8p3GLSLIxWFZh0uGOIoQTWPzB/gIw39hr6XGlPQ0pH9/M/3hDj

EsOCVeOA4C83MIgWHTF0Vvq0H2WsO8FIdl8/MY9dTl00E1SxVGXRVMzRuz6RwEaP

9RJu7J0BfSBexxLdMM/6QsNEbxu2/r20hI4DsDp09MUazzXnkXk/BRmm4GWWgJCy

I8czgq0G2PB2PJ4WARyUCm1NlB19nZEspm8CvNTYV8gyhR1ivXYKh6NfW5hRIgpf

KbykyA01rPpetrtp6y+qjK9aPWV8m7ZI3YrLVnO0Ut3wnBfYfVvHozK65dw8xeKJ

kuD3Z8CjjcIk733XgqTlrfOL8pTpwL9FunLNX2GE7TZV0enrI5T0jE/ZMLXN4LGo

X6PLmoChNO72lc0FBZ2tSkwgIZmvrTdG9Bj08rZwvdcu6eA7B7KdMgwZE0nyj/yn

nqx9rZhp3zz8yUWTNhvCjTVcw0ZzXWhN9leC7tJvQZht18Un9HI=

=agBJ

—–END PGP SIGNATURE—–