New Fragnesia Linux flaw lets attackers gain root privileges

Why This Matters

The Fragnesia Linux flaw is a critical security vulnerability that could allow attackers to escalate privileges to root, posing significant risks to Linux systems worldwide. This underscores the importance of timely updates and patches to protect sensitive data and maintain system integrity in the evolving cybersecurity landscape.

Key Takeaways

Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability that allows attackers to run malicious code as root.

Known as Fragnesia and tracked as CVE-2026-46300, this security flaw stems from a logic bug in the Linux XFRM ESP-in-TCP subsystem that can enable unprivileged local attackers to gain root privileges by writing arbitrary bytes to the kernel page cache of read-only files.

Zellic's head of assurance, William Bowling, who discovered this new universal local privilege escalation flaw, also shared a proof-of-concept (PoC) exploit. It achieves a memory-write primitive in the kernel and uses it to corrupt the page cache memory of the /usr/bin/su binary, which yields a shell with root privileges on vulnerable systems.

Bowling said this flaw belongs to the Dirty Frag vulnerability class, which was disclosed last week, and affects all Linux kernels released before May 13, 2026. Like Fragnesia, Dirty Frag has a publicly available PoC exploit that local attackers can use to gain root privileges on major Linux distributions.

However, Dirty Frag works by chaining two separate kernel flaws, the xfrm-ESP Page-Cache Write vulnerability (CVE-2026-43284) and a RxRPC Page-Cache Write security issue (CVE-2026-43500), to achieve privilege escalation by modifying protected system files in memory.

"Fragnesia is a member of the Dirty Frag vulnerability class. This is a separate bug in the ESP/XFRM from dirtyfrag which has received its own patch. However, it is in the same surface and the mitigation is the same as for dirtyfrag," Bowling said.

"It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve arbitrary byte writes into the kernel page cache of read-only files, without requiring any race condition."

To secure systems against attacks, Linux users are advised to apply kernel updates for their environment as soon as possible.

Those who can't immediately patch their devices should use the same mitigation commands used for Dirty Frag to remove the vulnerable kernel modules (note, however, that this will break AFS distributed network file systems and IPsec VPNs):

rmmod esp4 esp6 rxrpc
printf 'install esp4 /bin/false
...
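
A check for the mitigation described above, as an added example that is not part of the original article: for each of esp4, esp6 and rxrpc it reports whether the module is loaded and whether an `install <module> /bin/false` line blocks it from loading. The function names, the default `/etc/modprobe.d` search path and the sample data in `demo` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report whether the modules named in the mitigation
# (esp4, esp6, rxrpc) are loaded or install-blocked.
MODULES="esp4 esp6 rxrpc"

# is_loaded MODULE [FILE]: /proc/modules has the module name in field 1.
is_loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "${2:-/proc/modules}"
}

# is_blocked MODULE [DIR]: true if a *.conf file in DIR carries the
# "install MODULE /bin/false" line form shown in the article.
# Assumption: only /etc/modprobe.d is searched by default.
is_blocked() {
    for f in "${2:-/etc/modprobe.d}"/*.conf; do
        [ -f "$f" ] || continue
        awk -v m="$1" '$1 == "install" && $2 == m && $3 == "/bin/false" { hit = 1 }
                       END { exit !hit }' "$f" && return 0
    done
    return 1
}

# audit [FILE] [DIR]: one line per module; non-zero if any is exposed.
audit() {
    rc=0
    for m in $MODULES; do
        if is_loaded "$m" "$1"; then
            echo "$m: loaded, mitigation not in effect"; rc=1
        elif is_blocked "$m" "$2"; then
            echo "$m: not loaded, install-blocked"
        else
            echo "$m: not loaded, but not blocked from loading"; rc=1
        fi
    done
    return "$rc"
}

# demo: runs audit on constructed sample data (not from a real host):
# esp4 loaded, esp6 blocked, rxrpc neither loaded nor blocked.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'esp4 28672 0 - Live 0x0000000000000000' \
        'xfrm_algo 16384 1 esp4, Live 0x0000000000000000' > "$d/modules"
    printf 'install esp6 /bin/false\n' > "$d/mitigation.conf"
    audit "$d/modules" "$d" && st=0 || st=1
    rm -rf "$d"
    return "$st"
}
```

Calling `audit` with no arguments checks the running system. A kernel that has these components built in rather than as loadable modules does not list them in /proc/modules, so this check covers only the modular case.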