DirtyDecrypt Linux Kernel Exploit Grants Root Access via RxGK Subsystem Flaw
A new proof-of-concept (PoC) exploit, dubbed DirtyDecrypt (or DirtyCBC), has been released for a high-severity Linux kernel local privilege escalation (LPE) vulnerability, allowing attackers with local access to gain full root privileges on affected systems.
The flaw resides in the rxgk_decrypt_skb() function within the Linux kernel’s RxGK subsystem, a GSS-API-based security layer for RxRPC, the network transport used by the Andrew File System (AFS) client. DirtyDecrypt is the fourth LPE vulnerability discovered in the same XFRM/ESP/rxgk attack surface in the past three weeks, sharing similarities with the actively exploited Copy Fail family of exploits.
The PoC’s release raises concerns about potential exploitation, particularly as it targets a critical kernel component. Systems running vulnerable Linux kernel versions with the RxGK subsystem enabled are at risk. No patches have been confirmed at this time; administrators are advised to monitor updates from Linux distributions and kernel maintainers.
Source: https://www.linkedin.com/feed/update/urn:li:activity:7462556570816724992
The Linux Foundation cybersecurity rating report: https://www.rankiteo.com/company/the-linux-foundation
"id": "THE1779215025",
"linkid": "the-linux-foundation",
"type": "Vulnerability",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"