Fragnesia Exploit Threatens Major Linux Distributions
Fragnesia Exploit Threatens Major Linux Distributions
https://sqmagazine.co.uk/fragnesia-linux-root-access-vulnerability/
Publish Date: 2026-05-14 08:08:00
Source Domain: sqmagazine.co.uk
A newly disclosed Linux kernel vulnerability called Fragnesia is raising concerns after researchers confirmed it can give local attackers full root access on several major Linux distributions.
Quick Summary – TLDR:
- Fragnesia is a newly discovered Linux local privilege escalation vulnerability.
- The flaw affects the Linux kernel’s XFRM ESP in TCP subsystem.
- Attackers can gain root privileges by corrupting page cache memory.
- Multiple Linux vendors including Ubuntu, Debian, Red Hat, and SUSE have released advisories.
What Happened?
Security researchers have disclosed details about a new Linux kernel local privilege escalation vulnerability named Fragnesia, tracked as CVE-2026-46300. The flaw is being described as another member of the recently discovered Dirty Frag family of Linux vulnerabilities.
Researchers say the issue allows unprivileged local attackers to gain root access by modifying read only file contents stored inside the kernel page cache. The vulnerability affects the Linux kernel’s XFRM ESP in TCP implementation, a networking feature used for encrypted traffic handling.
🛑 3rd Linux kernel LPE in just ~2 weeks: Fragnesia (CVE-2026-46300) just dropped.
Attackers can now gain root by corrupting the kernel page cache through a flaw in XFRM ESP-in-TCP.
PoC is public. Major distros have already issued advisories.
Details: https://t.co/s8S9XA3sl1
— The Hacker News (@TheHackersNews) May 14, 2026
A New Variant in the Dirty Frag Family
Fragnesia emerged shortly after researchers disclosed the original Dirty Frag vulnerability. According to security researcher Hyunwoo Kim, the issue appeared as an unintended side effect of patches created for earlier Dirty Frag related flaws.
Research from the V12 security team and cloud security company Wiz revealed that the vulnerability abuses improper handling of shared page fragments during skb coalescing inside the kernel networking stack.
V12 said:
“
This is a separate…
