Public Exploit Released for “DirtyDecrypt”
https://www.linkedin.com/pulse/public-exploit-released-dirtydecrypt-new-critical-acmje
Publish Date: 2026-05-18 15:30:00
Source Domain: www.linkedin.com
Researchers Warn Newly Disclosed Kernel Flaw Could Be Weaponized Against Modern Linux Systems
A newly disclosed Linux privilege-escalation vulnerability dubbed “DirtyDecrypt” is drawing urgent attention across the cybersecurity community after researchers released a proof-of-concept exploit capable of granting root access on vulnerable systems running recent Linux kernels.
The flaw, which affects the Linux kernel’s RxGK subsystem used by the Andrew File System (AFS), adds to a growing wave of high-impact Linux local privilege escalation vulnerabilities uncovered in 2026. While the attack surface is relatively limited, the emergence of publicly available exploit code significantly increases the risk of real-world attacks, especially against developer workstations, cloud environments, and enterprise Linux deployments tracking bleeding-edge kernel releases.
The vulnerability — also referred to as “DirtyCBC” by researchers — stems from a memory handling issue inside the rxgk_decrypt_skb function, where a missing copy-on-write (COW) guard allows page cache corruption under specific conditions. Attackers with local access can exploit the flaw to overwrite privileged memory regions and elevate privileges to root.
Vulnerability Was Independently Discovered by Multiple Researchers
The issue was independently discovered earlier this month by the V12 security research team, which disclosed that maintainers informed them the vulnerability had already been identified and patched upstream before their report was processed.
“We found and reported this on May 9, 2026, but were informed it was a duplicate by…