PROOF-OF-CONCEPT PoC for a Linux kernel local privilege escalation has been released in relation to CVE-2026-31635, a vulnerability that Zellic and V12 security team reported on 9 May 2026. The flaw is described as an rxgk pagecache write issue caused by a missing copy-on-write guard in rxgk_decrypt_skb, enabling writes to memory owned by privileged processes or to the kernel page cache.
The vulnerability is assessed as CVSS 7.5, and the NIST CVE record links to the DirtyDecrypt PoC, with the researchers noting that the bug sits in the function that decrypts an incoming sk_buff on the receive side. It affects distributions with CONFIG_RXGK enabled, including Fedora, Arch Linux and openSUSE Tumbleweed, and could provide an escape path in containerized environments.
The article notes the flaw is connected to a family of related LPE issues dubbed Copy Fail, Dirty Frag and Fragnesia, and that several other CVEs and related advisories have surfaced around the same time, including advisories from Rocky Linux who have introduced a security repository for urgent fixes.