Cybersecurity Announcement: Linux Kernel Privilege Escalation to Root Vulnerability - Dirty Decrypt (CVE-2026-31635)

This document is the cybersecurity announcement for CVE-2026-31635, DirtyDecrypt Linux LPE vulnerability.

About the Event

DirtyDecrypt, also known as DirtyCBC, is a variant of CopyFail / DirtyFrag / Fragnesia. It was discovered on May 9, by Aaron Esau of the V12 Security Team

Actions to Consider

This attack is similar to Copy-Fail as it is a consistent Local Privilege Escalation (LPE), no race condition is necessary. Cybersecurity recommends Linux administrators evaluate their risks and follow mitigation instructions included in the articles linked in the References section. Currently, there are no vendor-provided patches to remediate this vulnerability.

If you believe you may have been compromised please contact the Office of Cybersecurity at cybersecurity@cio.wisc.edu.

Event Impact

Any local unprivileged user would be able to obtain root-level access resulting in a full system takeover. Proof of concept code is already publicly available.

References

https://thehackernews.com/2026/05/dirtydecrypt-poc-released-for-linux.html

https://nvd.nist.gov/vuln/detail/CVE-2026-31635

https://github.com/v12-security/pocs/tree/09e835b587bf71249775654061ae4c79e92cf430/dirtydecrypt

Keywords:

linux privilege escalation DirtyDecrypt dirty decrypt cve-2026-31635

Doc ID:

161414

Owned by:

Jamie G. in Cybersecurity Vulnerablity Management

Created:

2026-05-19

Updated:

2026-05-19

Sites:

Cybersecurity Testing and Cyber Defense, Cybersecurity Vulnerablity Management

0 0 Comment Suggest new doc