Back

Fragnesia: New Linux Kernel Vulnerability Allows Local Root Access

Severity: High (Score: 72.0)

Sources: access.redhat.com, Computing, Wiz, lwn.net, Almalinux

Summary

A new local privilege escalation vulnerability in the Linux kernel, named Fragnesia and tracked as CVE-2026-46300, has been disclosed. Discovered by William Bowling of the V12 security team, this flaw allows unprivileged local users to gain root access by exploiting a logic bug in the XFRM ESP-in-TCP subsystem. The vulnerability enables attackers to write arbitrary bytes into the kernel page cache of read-only files, including critical binaries like /usr/bin/su, without requiring a race condition. This is the third such vulnerability disclosed in two weeks, following Copy Fail and Dirty Frag, raising significant security concerns across all major Linux distributions. A proof-of-concept exploit has been publicly released, and patches are being rolled out by various Linux vendors. Systems running kernels released before May 13, 2026, are affected, and immediate action is recommended to mitigate risks. Key Points: • Fragnesia (CVE-2026-46300) allows local users to gain root access via page cache corruption. • This vulnerability is the third in a series of critical Linux kernel flaws disclosed in two weeks. • Patches are being rapidly deployed, but systems running vulnerable kernels must act quickly to mitigate risks.

Key Entities

  • Privilege Escalation (attack_type)
  • Zero-day Exploit (attack_type)
  • Alma Linux (company)
  • CloudLinux (company)
  • Debian (company)
  • Fedora (company)
  • Microsoft (company)
  • AlmaLinux (platform)
  • Amazon Linux (platform)
  • Gentoo (platform)
  • Red Hat Enterprise Linux (platform)
  • CentOS Stream (platform)
  • CVE-2026-31431 (cve)
  • CVE-2026-43284 (cve)
  • CVE-2026-43500 (cve)
  • CVE-2026-46300 (cve)
  • Cwe-119 - Improper Restriction Of Operations Within Memory Buffer (cwe)
  • CWE-269 - Improper Privilege Management (cwe)
  • Cwe-787 - Out-of-bounds Write (cwe)
  • 40gentoo.org (domain)
  • bugs.almalinux.org (domain)
  • oss-security-at-lists.openwall.com (domain)
  • tested.in (domain)
  • tools.at (domain)
  • T1055 - Process Injection (mitre_attack)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • d260900c5c5cd8f858be0c3cc172df9b6fd11cec (sha1)
  • Copy Fail (vulnerability)
  • CopyFail (vulnerability)
  • Copy Fail 2: Electric Boogaloo (vulnerability)
  • Dirty Cow (vulnerability)
  • Dirty Flag (vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed