Linux Kernel bug Fragnesia allows local root access attacks
Linux Kernel bug Fragnesia allows local root access attacks
Publish Date: 2026-05-14 14:00:00
Source Domain: securityaffairs.com
Linux Kernel bug Fragnesia allows local root access attacks
Pierluigi Paganini
May 14, 2026
Fragnesia, a new Linux kernel flaw tracked as CVE-2026-46300, could let local attackers gain root access through page cache corruption.
Researchers disclosed a new Linux kernel privilege escalation vulnerability named Fragnesia, tracked as CVE-2026-46300 (CVSS score of 7.8). The flaw affects the XFRM ESP-in-TCP subsystem and could allow local attackers to gain full root access by corrupting the kernel page cache.
Security experts warn that the issue is dangerous because attackers with low privileges can modify read-only files in memory and take complete control of vulnerable systems. The vulnerability was discovered by William Bowling of the V12 security team, while Wiz published a detailed technical analysis.
“The vulnerability allows unprivileged local attackers to modify read-only file contents in the kernel page cache.” reads the report published by Wiz. “Attackers can then achieve root privileges through deterministic page-cache corruption.”
Fragnesia shares similarities with earlier Linux privilege escalation flaws, such as Dirty Frag and Copy Fail. According to researchers, the bug can reliably provide root access on major Linux distributions without requiring race conditions or complicated timing attacks.
“This is a separate bug from Dirty Frag, but it affects the same attack surface.” contibyes the report. “The mitigation strategy is also largely the same.”
Researchers explained that the vulnerability abuses a logic flaw inside the ESP/XFRM networking subsystem, allowing arbitrary writes into the page cache memory of protected files such as /usr/bin/su.
“Fragnesia exploits a logic flaw in the Linux XFRM ESP-in-TCP implementation, specifically involving improper handling of shared page fragments during skb coalescing.” states the report. “The exploit…
