New Linux Kernel Vulnerability Enables Root Access
CyberSecurityNews • • technology
Key Points:
- A new Linux kernel vulnerability named Fragnesia enables any local unprivileged user to escalate privileges to root without requiring a race condition, making it a highly reliable local privilege escalation exploit.
- Discovered by William Bowling of the V12 security team, Fragnesia exploits a logic flaw in the Linux XFRM ESP-in-TCP subsystem, corrupting memory during socket buffer coalescing by mishandling ESP ciphertext processing.
- The exploit modifies the in-memory page cache of critical binaries like /usr/bin/su without altering the on-disk files, allowing persistent root shell access until the cache is flushed or the system is rebooted.
- All Linux kernels affected by the Dirtyfrag vulnerability class, essentially versions before May 13, 2026, are vulnerable; a patch has been submitted but unpatched systems remain at risk.
- Administrators are urged to immediately unload affected ESP modules and apply the patch, while also flushing caches or rebooting after potential exploitation to remove the modified page cache and prevent persistent root access.