{"id":245993,"date":"2026-05-14T09:44:00","date_gmt":"2026-05-14T13:44:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/14\/new-linux-kernel-vulnerability-fragnesia-allows-root-privilege-escalation\/"},"modified":"2026-05-14T13:55:07","modified_gmt":"2026-05-14T17:55:07","slug":"new-linux-kernel-vulnerability-fragnesia-allows-root-privilege-escalation","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/14\/new-linux-kernel-vulnerability-fragnesia-allows-root-privilege-escalation\/","title":{"rendered":"New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation"},"content":{"rendered":"<p><a href=\"https:\/\/www.securityweek.com\/new-linux-kernel-vulnerability-fragnesia-allows-root-privilege-escalation\/\">New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation<\/a><\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/new-linux-kernel-vulnerability-fragnesia-allows-root-privilege-escalation\/\">https:\/\/www.securityweek.com\/new-linux-kernel-vulnerability-fragnesia-allows-root-privilege-escalation\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-14 09:44:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.securityweek.com\">www.securityweek.com<\/a><\/p>\n<p><strong>Linux distributions are informing users about a new kernel vulnerability that can be exploited by a local attacker to escalate privileges to root.<\/strong><\/p>\n<p>Dubbed <strong>Fragnesia<\/strong> and officially tracked as CVE-2026-46300, the issue resides in the kernel\u2019s XFRM ESP-in-TCP subsystem, allowing an unprivileged attacker to gain root permissions by overwriting sensitive system files.\u00a0<\/p>\n<p>A majority of Linux distributions are affected, and they have started releasing patches.<\/p>\n<p>A proof-of-concept (PoC) exploit is available, but there is no evidence that Fragnesia has been exploited in the wild.<\/p>\n<p>\u201cSimilar to Dirty Frag, Fragnesia exploits a vulnerability in the XFRM ESP-in-TCP subsystem to achieve a memory write primitive in the kernel,\u201d Microsoft\u2019s threat intelligence team said.<\/p>\n<p>\u201cThe primitive is then used to corrupt the page cache memory of the [\/]usr[\/]bin[\/]su binary, which in turn leads to launching a shell with root privilege. Note that exploitation is not constrained to use the [\/]usr[\/]bin[\/]su binary; it can modify any file readable by the user, including [\/]etc[\/]passwd,\u201d it added.<\/p>\n<p><span class=\"zox-ad-label\">Advertisement. Scroll to continue reading.<\/span><\/p>\n<p>Microsoft has urged organizations to apply the available patches as soon as possible.<\/p>\n<p>Fragnesia is in the same class of vulnerabilities as the recently disclosed Dirty Frag and Copy Fail.<\/p>\n<p>Copy Fail has been exploited in the wild, and Microsoft noted shortly after Dirty Frag\u2019s disclosure that it too may have been leveraged in malicious attacks.\u00a0<\/p>\n<p>The tech giant reported on May 8 that its Defender product had seen limited in-the-wild activity that could indicate exploitation of either Dirty Frag or Copy Fail.<\/p>\n<p>At the time of writing, there do not appear to be any other reports confirming the exploitation of Dirty Frag.<\/p>\n<p><strong>Related<\/strong>: OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years<\/p>\n<p><strong>Related<\/strong>: Easily Exploitable \u2018Pack2TheRoot\u2019 Linux Vulnerability Leads to Root Access<\/p>\n<p><strong>Related<\/strong>: Organizations Warned&#8230;<\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/new-linux-kernel-vulnerability-fragnesia-allows-root-privilege-escalation\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation https:\/\/www.securityweek.com\/new-linux-kernel-vulnerability-fragnesia-allows-root-privilege-escalation\/ Publish Date: 2026-05-14 09:44:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":245994,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.securityweek.com\/wp-content\/uploads\/2025\/02\/Linux-malware.jpeg","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,31,89,71,27],"class_list":["post-245993","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-exploit","tag-flaw","tag-linux","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/245993"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=245993"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/245993\/revisions"}],"predecessor-version":[{"id":245995,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/245993\/revisions\/245995"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/245994"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=245993"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=245993"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=245993"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}