New Fragnesia Flaw Hands Linux Local Users Root Access

https://www.infosecurity-magazine.com/news/fragnesia-linux-kernel-lpe-root/

Publish Date: 2026-05-22 03:01:44

Source Domain: www.infosecurity-magazine.com

Summary:

A new variant in the Dirty Frag family of local privilege escalation flaws affecting Linux kernels, named Fragnesia and documented as CVE-2026-46300, has been unearthed. The vulnerability was discovered by William Bowling and the V12 team and poses a significant risk to all Linux kernel versions before May 13, 2026, due to its ability to allow unprivileged local users to elevate their privileges to root. This exploit, leveraging ESP-in-TCP encryption and page cache corruption, has a publicly available proof-of-concept and can be used to overwrite in-memory copies of binaries like /usr/bin/su, leading to undetectable root shell execution. The flaw is a side effect of the patch meant to fix Dirty Frag and follows two other recent vulnerabilities. Efforts to mitigate this issue have started with distributed backports and disabling vulnerable esp4, esp6 and rxrpc modules, along with monitoring unprivileged user namespaces and namespace creation activities.

Key Points:

Fragnesia is a new local privilege escalation vulnerability in Linux kernels affecting all versions before May 13, 2026.
The exploit allows unprivileged users to gain root access through page cache corruption.
Discovered by William Bowling and the V12 team, a PoC exploit has been released.
The flaw emerged as an unintended consequence of patches that aimed to address the Dirty Frag vulnerabilities.
Mitigation strategies include disabling specific kernel modules and enhancing namespace monitoring.