PT-2026-34987 · Linux · Linux Kernel
Published
2026-04-08
·
Updated
2026-07-09
·
CVE-2026-31635
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A memory corruption issue exists in the RxRPC subsystem of the Linux kernel, specifically within the
rxgk verify response() function. The function incorrectly validates the auth len parameter from a packet due to an inverted check, allowing oversized RESPONSE authenticators to be accepted. These are then passed to the rxgk decrypt skb() function, which can lead to an impossible length being passed to skb to sgvec(), triggering a kernel bug. This flaw, also known as DirtyDecrypt or DirtyCBC, allows a local attacker to cause a denial of service or achieve root-level privilege escalation by performing arbitrary kernel writes. The issue specifically affects systems where the CONFIG RXGK configuration is enabled, which provides RxGK security support for the Andrew File System (AFS) network transport. This includes certain distributions such as Fedora, Arch Linux, and openSUSE Tumbleweed.Recommendations
Apply the latest security patches and kernel updates provided by the Linux distribution vendor.
As a temporary mitigation, disable the
CONFIG RXGK configuration to restrict the use of the vulnerable component.Exploit
Fix
DoS
LPE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel