Delphos Labs Blog

Featured
May 15, 2026

DirtyCBC: When Linux Kernel Decrypt-Before-MAC Turns Authenticated Encryption Into a Page-Cache Write

Linux kernel page-cache poisoning via AES-256 chosen-plaintext on the RxGK RESPONSE path and why authenticated encryption did not stop it.

KL
Kamil Leoniak
DirtyCBC: When Linux Kernel Decrypt-Before-MAC Turns Authenticated Encryption Into a Page-Cache Write
DirtyCBC: When Linux Kernel Decrypt-Before-MAC Turns Authenticated Encryption Into a Page-Cache Write thumbnail
Security Research

DirtyCBC: When Linux Kernel Decrypt-Before-MAC Turns Authenticated Encryption Into a Page-Cache Write

Linux kernel page-cache poisoning via AES-256 chosen-plaintext on the RxGK RESPONSE path and why authenticated encryption did not stop it.

KL
Kamil LeoniakMay 15, 2026
Introducing Delphos Labs: Securing the Software That Actually Runs thumbnail
Company
Product

Introducing Delphos Labs: Securing the Software That Actually Runs

Revealing hidden threats in compiled software without source code.

DDCF
David Dubick, Caleb FentonMay 4, 2026