PT-2026-34987 · Linux · Linux Kernel

Published 2026-04-24 · Updated 2026-05-20 · CVE-2026-31635

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A memory corruption issue exists in the RxRPC subsystem of the Linux kernel, specifically within the rxgk module. The function rxgk_verify_response() contains an inverted check when decoding the auth_len variable from a packet, allowing oversized RESPONSE authenticators to be accepted. These are then passed to rxgk_decrypt_skb(), which may modify shared packet memory without proper copy-on-write validation. This can lead to an impossible length being passed to skb_to_sgvec(), triggering a kernel bug or memory corruption. This flaw, also known as DirtyDecrypt or DirtyCBC, can be exploited by unprivileged users to achieve arbitrary kernel writes, resulting in a denial of service or local privilege escalation to root access. The issue specifically affects systems with CONFIG_RXGK enabled, including distributions such as Fedora, Arch Linux, and openSUSE Tumbleweed.

Recommendations

Install the latest kernel updates to resolve the issue. As a temporary workaround, disable the CONFIG_RXGK configuration to restrict the use of the vulnerable module.
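
One way to check the condition this advisory names, whether the running kernel was built with CONFIG_RXGK, as an added example that is not part of the original advisory. The helper names rxgk_state and find_kernel_config and the config file locations tried are assumptions; they cover the usual places distributions ship the build config.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether a kernel build
# config enables CONFIG_RXGK. Helper names are hypothetical.

# rxgk_state FILE -> prints enabled | disabled | unknown (always returns 0)
rxgk_state() {
    cfg=$1
    # No readable config means we cannot tell; do not guess.
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case "$cfg" in
        *.gz) reader="gzip -dc" ;;   # e.g. /proc/config.gz
        *)    reader="cat" ;;
    esac
    # Match the exact symbol so look-alike option names are not counted.
    if $reader "$cfg" 2>/dev/null | grep -Eq '^CONFIG_RXGK=[ym]$'; then
        echo enabled
    else
        # Covers "# CONFIG_RXGK is not set" and kernels without the option.
        echo disabled
    fi
    return 0
}

# find_kernel_config -> prints the first readable config for the running
# kernel, or nothing. The locations are assumptions about common layouts.
find_kernel_config() {
    rel=$(uname -r)
    for f in "/boot/config-$rel" "/lib/modules/$rel/config" /proc/config.gz; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 0
}

cfg=$(find_kernel_config)
echo "kernel $(uname -r): CONFIG_RXGK $(rxgk_state "$cfg") [${cfg:-no config found}]"
```

A result of "disabled" means the workaround condition already holds for that build; "enabled" only says the option is compiled in, so whether the host is still exposed depends on the kernel update having been installed.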

Exploit

Fix

LPE

DoS

Weakness Enumeration

Related Identifiers

CVE-2026-31635

Affected Products

Linux Kernel