Cyber Web Spider Blog – News

DirtyDecrypt Exploit PoC for Linux Kernel Vulnerability Released

Posted on May 19, 2026 By CWS

A newly released proof-of-concept exploit, known as DirtyDecrypt, is drawing attention to a security vulnerability in the Linux kernel. The flaw, identified as CVE-2026-31635, allows local privilege escalation. Initially discovered by the Zellic and V12 security team, the flaw was reported on May 9, 2026. However, the Linux kernel maintainers noted it as a duplicate of a vulnerability already addressed in mainline.

Technical Details of the Vulnerability

The DirtyDecrypt vulnerability arises from a missing copy-on-write (COW) guard in the rxgk_decrypt_skb function. This function, responsible for decrypting incoming socket buffers, mishandles memory pages shared with other processes’ page caches, leading to potential privilege escalation. The absence of the COW guard allows data to be written into privileged memory spaces, impacting files like /etc/shadow and /etc/sudoers.

Only Linux distributions with CONFIG_RXGK enabled, such as Fedora, Arch Linux, and openSUSE Tumbleweed, are affected. In containerized environments, the flaw could enable pod escape on worker nodes running a vulnerable Linux version. This vulnerability is considered a variant of previous exploits like Copy Fail and Dirty Frag, both of which allow root access on affected systems.
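A quick exposure check for the condition above, as an added example (not part of the original article or of any vendor tooling): it reads the running kernel's build config and reports whether CONFIG_RXGK is set. The function names and the list of config file locations are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: report whether the running kernel was built with CONFIG_RXGK.
# Function names and the search paths below are illustrative assumptions.

# rxgk_state FILE -> prints "enabled", "disabled" or "unknown".
rxgk_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case "$cfg" in
        *.gz) reader="gzip -dc" ;;   # /proc/config.gz is gzip-compressed
        *)    reader="cat" ;;
    esac
    # If the file cannot be read or decompressed, say so instead of guessing.
    data=$($reader "$cfg" 2>/dev/null) || { echo unknown; return 0; }
    # An explicit =y or =m line means the code is built; a
    # "# CONFIG_RXGK is not set" line or no line at all means it is not.
    if printf '%s\n' "$data" | grep -Eq '^CONFIG_RXGK=(y|m)$'; then
        echo enabled
    else
        echo disabled
    fi
}

# find_kernel_config -> prints the first readable config for the running kernel.
find_kernel_config() {
    rel=$(uname -r)
    for f in /proc/config.gz "/boot/config-$rel" \
             "/lib/modules/$rel/config" "/usr/lib/modules/$rel/config"; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# check_running_kernel -> prints one summary line for this host.
check_running_kernel() {
    if cfg=$(find_kernel_config); then
        echo "$(uname -r): CONFIG_RXGK $(rxgk_state "$cfg") (from $cfg)"
    else
        echo "$(uname -r): CONFIG_RXGK unknown (no readable kernel config)"
    fi
}

check_running_kernel
```

An "enabled" result only shows that the affected code is compiled in; whether the running kernel already carries the fix has to be confirmed against the distribution's own advisory.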

Context and Previous Vulnerabilities

Copy Fail, first disclosed by Theori researchers in April 2026, targets the AF_ALG cryptographic socket interface. The subsequent Dirty Frag expands this with additional write primitives. Public disclosure of Dirty Frag was accelerated after an embargo lapse, leading to independent publication of the exploit details. Another variant, Fragnesia, affects the XFRM ESP-in-TCP subsystem, allowing unprivileged users to gain root access.

Simultaneously, other vulnerabilities such as an LPE flaw in the Linux PackageKit daemon (Pack2TheRoot) and an improper privilege management flaw in the kernel (ssh-keysign-pwn) have emerged, prompting concerns within the Linux community.

Security Measures and Future Outlook

The surge in vulnerability disclosures has prompted Linux developers to consider an emergency “killswitch” mechanism. This proposal would enable administrators to disable specific kernel functions temporarily while waiting for patches. The killswitch could provide a stopgap solution to mitigate the impact of zero-day vulnerabilities.

In response, Rocky Linux has introduced an optional security repository for rapid deployment of urgent fixes. Though disabled by default, this repository aims to bridge the gap when critical vulnerabilities are disclosed before official patches are available. Rocky Linux emphasizes that this repository complements, rather than replaces, its standard release process.

As the Linux community navigates these challenges, the focus remains on ensuring robust security measures and timely updates to safeguard against emerging threats.

Copyright © 2026 Cyber Web Spider Blog – News.
