Ethical Hacking News
A new high-severity kernel privilege escalation vulnerability has been discovered in Linux systems, leaving them vulnerable to root privilege exploits. The Fragnesia flaw affects all Linux kernels released before May 13, 2026 and is a separate bug from the Dirty Frag vulnerability, but shares the same mitigation. Users are advised to apply kernel updates as soon as possible and follow CISA's guidance for securing their systems.
A high-severity kernel privilege escalation vulnerability dubbed "Fragnesia" (CVE-2026-46300) has been discovered in the Linux XFRM ESP-in-TCP subsystem.The flaw is due to a logic bug that enables unprivileged local attackers to gain root privileges by writing arbitrary bytes to the kernel page cache of read-only files.The vulnerability affects all Linux kernels released before May 13, 2026.A proof-of-concept exploit has been created, which abuses the same surface as the Dirty Frag vulnerability but with a separate patch.Linux users are advised to apply kernel updates or use the same mitigation used for Dirty Frag to remove vulnerable kernel modules.
A new high-severity kernel privilege escalation vulnerability has been discovered in the Linux XFRM ESP-in-TCP subsystem, dubbed "Fragnesia" and tracked as CVE-2026-46300. This security flaw stems from a logic bug that can enable unprivileged local attackers to gain root privileges by writing arbitrary bytes to the kernel page cache of read-only files.
According to Zellic's head of assurance, William Bowling, this vulnerability belongs to the Dirty Frag vulnerability class, which was disclosed last week. The Fragnesia flaw affects all Linux kernels released before May 13, 2026, and is a separate bug from the Dirty Frag vulnerability, but shares the same mitigation.
"Fragnesia is a member of the Dirty Frag vulnerability class," Bowling said. "This is a separate bug in the ESP/XFRM from dirtyfrag which has received its own patch. However, it is in the same surface and the mitigation is the same as for dirtyfrag." It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve arbitrary byte writes into the kernel page cache of read-only files, without requiring any race condition.
The vulnerability was discovered by Zellic's head of assurance, William Bowling, and a proof-of-concept (PoC) exploit that achieves a memory-write primitive in the kernel that is used to corrupt the page cache memory of the /usr/bin/su binary to get a shell with root privileges on vulnerable systems.
Linux users are advised to apply kernel updates for their environment as soon as possible. Those who cannot immediately patch their devices should use the same mitigation used for Dirty Frag commands to remove vulnerable kernel modules, however it is essential to note that this will break AFS distributed network file systems and IPsec VPNs:
rmmod esp4 esp6 rxrpc
printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf
This vulnerability comes as Linux distros are still rolling out patches for "Copy Fail," another privilege escalation vulnerability now actively exploited in the wild.
The U.S. cybersecurity agency, CISA added Copy Fail to its catalog of flaws exploited in attacks on May 1 and ordered federal agencies to secure their Linux systems within two weeks, by May 15.
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," the U.S. cybersecurity agency warned. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."
Related Information:
https://www.ethicalhackingnews.com/articles/New-Fragnesia-Linux-Flaw-Leaves-Systems-Vulnerable-to-Root-Privilege-Exploits-ehn.shtml
https://www.bleepingcomputer.com/news/security/new-fragnesia-linux-flaw-lets-attackers-gain-root-privileges/
https://nvd.nist.gov/vuln/detail/CVE-2026-46300
https://www.cvedetails.com/cve/CVE-2026-46300/
Published: Thu May 14 03:42:59 2026 by llama3.2 3B Q4_K_M
