{"id":245793,"date":"2026-05-14T08:27:00","date_gmt":"2026-05-14T12:27:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/14\/the-third-major-linux-kernel-flaw-in-two-weeks-has-been-found-thanks-to-ai\/"},"modified":"2026-05-14T09:00:08","modified_gmt":"2026-05-14T13:00:08","slug":"the-third-major-linux-kernel-flaw-in-two-weeks-has-been-found-thanks-to-ai","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/14\/the-third-major-linux-kernel-flaw-in-two-weeks-has-been-found-thanks-to-ai\/","title":{"rendered":"The third major Linux kernel flaw in two weeks has been found &#8211; thanks to AI"},"content":{"rendered":"<p><a href=\"https:\/\/www.zdnet.com\/article\/third-major-linux-kernel-flaw-in-two-weeks-found-by-ai\/\">The third major Linux kernel flaw in two weeks has been found &#8211; thanks to AI<\/a><\/p>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/third-major-linux-kernel-flaw-in-two-weeks-found-by-ai\/\">https:\/\/www.zdnet.com\/article\/third-major-linux-kernel-flaw-in-two-weeks-found-by-ai\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-14 08:27:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.zdnet.com\">www.zdnet.com<\/a><\/p>\n<p>    <span class=\"c-shortcodeImage_credit g-outer-spacing-top-xsmall u-block\">Kerry Wan\/ZDNET<\/span><\/p>\n<p>Follow ZDNET: <span class=\"c-commerceLink\"><span>Add us as a preferred source<\/span><\/span> on Google.<\/p>\n<h3> \tZDNET&#8217;s key takeaways <\/h3>\n<ul>\n<li>Another bad Linux kernel bug has appeared.<\/li>\n<li>Fragnesia can give unauthorized users root powers.<\/li>\n<li>More open-source security bugs are likely coming.<\/li>\n<\/ul>\n<p>According to Linus&#8217;s law, &#8220;Given enough eyeballs, all bugs are shallow,&#8221; is fundamental to open source.\u00a0<\/p>\n<p>Unfortunately, thanks to AI bug-finding tools, such as Claude Mythos and OpenAI Daybreak, behind most of those eyeballs are AI engines, and they&#8217;re proving to be much faster at finding security problems than human ones.\u00a0<\/p>\n<p><strong>Also:\u00a0<\/strong><strong>Linux is getting a security wake-up call &#8211; why it was inevitable and I&#8217;m not worried<\/strong><\/p>\n<p>So it is the latest serious Linux kernel vulnerability, Fragnesia, has emerged. It&#8217;s the third serious local root flaw in the last two weeks.<\/p>\n<h2>Fragnesia yields root on all major distributions<\/h2>\n<p>Following in the footsteps of Copy Fail and Dirty Frag, this page-cache corruption bug gives unprivileged users a reliable path to full root control on affected systems. And what are those systems, you ask? According to AlmaLinux, Fragnesia immediately yields root on all major distributions. So, essentially, all Linux distros can be targeted and successfully hacked. Are we having fun yet or what? <\/p>\n<p><strong>Also:\u00a0<\/strong><strong>Dirty Frag is a new Linux bug putting your system at risk &#8211; and there&#8217;s no easy fix yet<\/strong><\/p>\n<p>The bug was disclosed this week by the AI security company Zellic, with William Bowling and other researchers using the company&#8217;s AI-agentic software auditing tool, V12. It works by abusing a logic bug in the Linux XFRM (short for &#8220;transform&#8221;) ESP-in-TCP subsystem to write arbitrary bytes into the kernel page cache of read-only files, without requiring any race condition.\u00a0<\/p>\n<p>This opens the door to local privilege escalation and potential container escapes in multi-tenant environments. <\/p>\n<p>Unlike classic race-condition exploits, these vulnerabilities allow attackers to precisely corrupt file-backed pages without timing tricks, making attacks more reliable&#8230;<\/p>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/third-major-linux-kernel-flaw-in-two-weeks-found-by-ai\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The third major Linux kernel flaw in two weeks has been found &#8211; thanks to&#8230;<\/p>\n","protected":false},"author":1,"featured_media":245795,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.zdnet.com\/a\/img\/resize\/f997fcf7a6ba12f76f3c6f321c384f6edb6fba30\/2024\/02\/26\/bb9ba4fc-080d-4e29-9077-a8ccde9cb7b4\/dsc01289.jpg?auto=webp&fit=crop&height=675&width=1200","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[143,89,71,57,27],"class_list":["post-245793","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-almalinux","tag-flaw","tag-linux","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/245793"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=245793"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/245793\/revisions"}],"predecessor-version":[{"id":245797,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/245793\/revisions\/245797"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/245795"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=245793"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=245793"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=245793"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}