PT-2026-34987 · Linux · Linux Kernel

Published

2026-04-08

·

Updated

2026-07-09

·

CVE-2026-31635

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A memory corruption issue exists in the RxRPC subsystem of the Linux kernel, specifically within the rxgk verify response() function. The function incorrectly validates the auth len parameter from a packet due to an inverted check, allowing oversized RESPONSE authenticators to be accepted. These are then passed to the rxgk decrypt skb() function, which can lead to an impossible length being passed to skb to sgvec(), triggering a kernel bug. This flaw, also known as DirtyDecrypt or DirtyCBC, allows a local attacker to cause a denial of service or achieve root-level privilege escalation by performing arbitrary kernel writes. The issue specifically affects systems where the CONFIG RXGK configuration is enabled, which provides RxGK security support for the Andrew File System (AFS) network transport. This includes certain distributions such as Fedora, Arch Linux, and openSUSE Tumbleweed.
Recommendations Apply the latest security patches and kernel updates provided by the Linux distribution vendor. As a temporary mitigation, disable the CONFIG RXGK configuration to restrict the use of the vulnerable component.

Exploit

Fix

DoS

LPE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07086
CVE-2026-31635
USN-8490-1
USN-8490-2
USN-8491-1
USN-8508-1

Affected Products

Linux Kernel