New Fragnesia Linux flaw lets attackers gain root privileges
Key Points:
- A high-severity Linux kernel privilege escalation vulnerability called Fragnesia (CVE-2026-46300) allows local attackers to run malicious code as root by exploiting a logic bug in the XFRM ESP-in-TCP subsystem.
- Discovered by William Bowling of Zellic, Fragnesia enables arbitrary byte writes to the kernel page cache of read-only files and affects all Linux kernels released before May 13, 2026. A public proof-of-concept exploit is available.
- Fragnesia is part of the Dirty Frag vulnerability class, which involves similar kernel page cache write flaws and requires similar mitigations. These include removing the vulnerable kernel modules, a step that may disrupt AFS and IPsec VPN functionality.
- Linux users are urged to apply kernel patches promptly to secure their systems, while interim mitigations involve disabling specific kernel modules using modprobe configurations to prevent exploitation.
- This disclosure coincides with ongoing patch rollouts for another actively exploited Linux privilege escalation flaw, "Copy Fail," which CISA has ordered U.S. federal agencies to address by May 15 because it is being exploited in the wild.
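
The interim mitigation described above depends on modprobe rules, so it is worth checking that the rules really block loading and that the module is not already in memory. The shell audit below is an added example, not taken from the original article or any vendor advisory; the module names are placeholders because this summary does not list them, and it assumes the rules live in a single directory such as /etc/modprobe.d.

```shell
#!/bin/sh
# Added example. Module names are placeholders (EXAMPLE_MODULE_A); take the
# real list from your distribution's advisory.

norm() { printf '%s' "$1" | tr '-' '_'; }   # modprobe treats '-' and '_' alike

# has_rule CONF_DIR KEYWORD MODULE: 0 if a matching rule exists in CONF_DIR/*.conf
has_rule() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        sed 's/#.*//' "$f" | awk -v k="$2" -v m="$(norm "$3")" '
            { name = $2; gsub(/-/, "_", name) }
            k == "blacklist" && $1 == k && name == m { hit = 1 }
            # an install rule only blocks loading if it runs a no-op command
            k == "install" && $1 == k && name == m && $3 ~ /(^|\/)(false|true)$/ { hit = 1 }
            END { exit hit ? 0 : 1 }' && return 0
    done
    return 1
}

# is_loaded PROC_MODULES MODULE: 0 if MODULE is listed as loaded
is_loaded() {
    awk -v m="$(norm "$2")" '$1 == m { hit = 1 } END { exit hit ? 0 : 1 }' "$1"
}

# audit_module CONF_DIR PROC_MODULES MODULE: prints one status word
audit_module() {
    if has_rule "$1" install "$3"; then
        # the rule stops future loads; an already loaded module stays in memory
        if is_loaded "$2" "$3"; then echo blocked-but-loaded; else echo ok; fi
    elif has_rule "$1" blacklist "$3"; then
        echo blacklist-only   # blacklist only stops alias autoload, not explicit loads
    else
        echo unblocked
    fi
}

# Usage: sh audit.sh MODULE...   (checks /etc/modprobe.d only, an assumption)
for mod in "$@"; do
    printf '%s: %s\n' "$mod" "$(audit_module /etc/modprobe.d /proc/modules "$mod")"
done
```

A result of `blocked-but-loaded` means the module still has to be unloaded or the host rebooted before the rule has any effect.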