Walking through Dirty Pipe (CVE-2022-0847) from a 2026 angle: one uninitialized pipe_buffer.flags bit kept PIPE_BUF_FLAG_CAN_MERGE alive into splice'd pages, plus patched-kernel checks for distros and containers.
DirtyDecrypt PoC proves local root via Linux RxGK page cache writes on Fedora, Arch, and Tumbleweed with CONFIG_RXGK=y. NVD describes CVE-2026-31635 only as a DoS; Ubuntu LTS and Debian stable stock kernels are not affected. Check commands and container mitigation included.
The fix for CVE-2024-41110 missed the upper bound — request bodies over 1MB bypass AuthZ plugins. All Docker Engine versions before 29.3.1 are affected.
