Proof-of-concept (PoC) code is now available for another Linux kernel vulnerability that could allow attackers to elevate their privileges to root.
Dubbed DirtyDecrypt (aka DirtyCBC), the exploit comes from the V12 security team, which discovered it earlier this month, after fixes were rolled out in April.
The V12 team has not shared a CVE identifier for the security defect, but noted that it is a missing copy-on-write (COW) guard in the rxgk_decrypt_skb component of the RxGK subsystem.
RxGK is a security class for RxRPC, the network protocol used by the Andrew File System (AFS) and OpenAFS. RxGK relies on the GSSAPI framework to provide authentication, confidentiality, and integrity protection.
Due to the missing COW guard, oversized response authenticators are accepted, which results in data being written to the memory of privileged processes or to the page cache of privileged files, such as SUID binaries, Moselwal notes.