An buga wata shaida ta ra'ayi game da raunin da aka samu. DirtyDecrypt, wanda kuma aka sani da DirtyCBC, yana bawa mai amfani mara gata na gida damar samun gata na asali akan wasu tsarin LinuxMatsalar tana cikin rikodin. rxgk ƙananan tsarin RxRPC kuma yana da alaƙa da rubuta shafi na cache saboda rashin duba kwafi-kan-rubuta a cikin aikin rxgk_decrypt_skb(). An buga PoC a ranar 18 ga Mayu, 2026, ta BleepingComputer; an saka PoC ɗin da kanta a ciki Ma'ajiyar ƙungiyar V12.
RxRPC yarjejeniya ce ta hanyar sadarwa ta kernel. Linux akan UDP, yana samar da ingantaccen jigilar kaya don ayyukan nesa. Takardar kernel ta bayyana musamman cewa AFS — Andrew File System misali ne na aikace-aikacen da ke amfani da RxRPC, kuma yarjejeniyar da kanta tana goyon bayan tattaunawar tsaron haɗi. Nan ne RxGK, wanda ake amfani da shi don yanayin tsaro na RxRPC/AFS, ya shigo cikin aiki.
Dangane da bayanin V12, DirtyDecrypt wani nau'in nau'in raunin da ke tattare da shi ne. Kwafi na Kwafi / Ƙazanta / FragnesiaDuk sun dogara ne akan irin wannan ra'ayi: kuskuren sarrafa ƙwaƙwalwar kernel, cache na shafi, da kuma abubuwan da ke ɓoye na iya ba da damar tsarin gida mara gata ya shafi bayanan da bai kamata a rubuta su ba. A yanayin DirtyDecrypt, wannan "rxgk pagecache write" ne saboda rashin kariyar COW a cikin rxgk_decrypt_skb().
Ƙungiyar V12 ta yi iƙirarin gano matsalar kuma ta bayar da rahotonta. 9 Mayu 2026, amma masu kula da ƙwayoyin halitta sun amsa cewa kwafin kwaro ne da aka riga aka gyara. Daga nan sai masu binciken suka buga wani tabbaci na ra'ayi, suna da'awar cewa gyara ya riga ya kasance a cikin babban ƙwayar.
Yanayin da CVEs ke ciki bai yi kama da abu mai sauƙi ba. BleepingComputer ya ba da rahoton cewa babu wani takamaiman CVE na hukuma don sunan DirtyDecrypt a lokacin da aka buga shi, amma mai sharhi Will Dormann ya haɗa bayanan da V12 ya buga zuwa CVE-2026-31635, an gyara shi a ƙarshen Afrilu. NVD ta bayyana CVE-2026-31635 a matsayin kuskure a cikin rxrpc: aikin rxgk_verify_response() ya duba tsawon mai tantancewa na RESPONSE ba daidai ba, wanda zai iya haifar da mika mai tantancewa mai tsayi da yawa zuwa rxgk_decrypt_skb() kuma ya sa lambar ta gaza BUG_ON(len).
Wato, wallafe-wallafen da ake samu a bainar jama'a suna haɗa DirtyDecrypt zuwa CVE-2026-31635, amma bayanin CVE na yau da kullun a cikin NVD a halin yanzu ya fi kunkuntar kuma yana nufin kuskuren duba tsayi a cikin rxrpc, maimakon kai tsaye zuwa sunan DirtyDecrypt/DirtyCBC a matsayin shigarwa daban. Saboda haka, ya fi daidai a rubuta: DirtyDecrypt yana da alaƙa da ko kuma yana da alaƙa da CVE-2026-31635., maimakon yin iƙirarin cewa shine sunan CVE na hukuma.
Ana buƙatar kernel mai wannan zaɓin da aka kunna don aiki. CONFIG_RXGK, wanda ya haɗa da tallafin RxGK ga abokin ciniki na AFS da jigilar hanyar sadarwa. Wannan yana rage yawan tsarin da abin ya shafa sosai: musamman, ya shafi rarrabawa waɗanda ke bin ƙwayar sama da sauri, gami da Fedora, Arch Linux и budeSUSE TumbleweedBleepingComputer ya jaddada cewa an gwada V12 PoC da aka buga ne kawai akan Fedora da babban kernel.
DirtyDecrypt ya fito ne a kan tushen jerin samfuran iri ɗaya. Linux Rashin raunin LPE. An bayyana a baya Rushewar Kwafi a cikin algif_aead, Ƙazanta Mai Datti a cikin sassan cibiyar sadarwa, sannan Fragnesia a cikin XFRM ESP-in-TCP Microsoft an bayyana Dirty Frag a matsayin wani ƙarin gata na gida ta hanyar abubuwan esp4, esp6, da rxrpc, wanda ke ba wa mai hari damar samun damar shiga gida da kuma samun tushe a cikin tsarin.
Hadarin da ke tattare da irin waɗannan kurakurai shine cewa galibi ana amfani da su bayan an fara keta su: misali, bayan an lalata asusun SSH, harsashi na yanar gizo, kwantena mai rauni, ko mai amfani da sabis mara gata. Bayan samun damar shiga tushen, mai hari zai iya kashe ikon sarrafa tsaro, karanta sirri, gyara rajista, tura juriya, da kuma ci gaba da tafiya ta cikin kayayyakin more rayuwa.
Ana shawartar masu amfani da rarrabawar fitarwa mai yuwuwar da za a iya shafa su shigar da sabbin sabuntawar kernel. Ga tsarin da ba zai yiwu a sabunta shi nan take ba, wallafe-wallafen sun ambaci mafita na wucin gadi kamar kashe na'urorin rxrpc da ba a yi amfani da su ba da kuma abubuwan da suka shafi su. Duk da haka, irin waɗannan hanyoyin magance matsalar na iya karya yanayin AFS da wasu yanayin IPsec/VPN, don haka ya kamata a yi amfani da su ne kawai bayan tabbatar da tasirin da ke kan wani takamaiman tsarin.
Ga yawancin shigarwar tebur da sabar, haɗarin yana da ƙasa da na Kwafi Fail: DirtyDecrypt yana buƙatar takamaiman tsarin kernel da aiwatar da lambar gida. Duk da haka, ga Fedora, Arch Linux, openSUSE Tumbleweed, da sauran tsarin da ke da sabbin abubuwan da ke cikin kernel cikin sauri, batun ya cancanci kulawa: ba rahoton nazari bane, amma rauni ne tare da shaidar ra'ayi da aka buga da kuma hanya bayyananniyar hanyar haɓaka gata.
source: linux.org.ru
