Back

Fragnesia Vulnerability Exposes Linux Systems to Root Privilege Escalation

Severity: High (Score: 72.8)

Sources: access.redhat.com, Computing, Wiz, Bleepingcomputer, Infosecurity-Magazine

Summary

A new Linux kernel vulnerability, dubbed Fragnesia and tracked as CVE-2026-46300, allows unprivileged local users to gain root access by exploiting a flaw in the XFRM ESP-in-TCP subsystem. Discovered by William Bowling, this vulnerability enables attackers to write arbitrary bytes to the kernel page cache of read-only files, such as /usr/bin/su, without requiring a race condition. The flaw is part of a series of recent vulnerabilities, including Dirty Frag and Copy Fail, which have been disclosed within weeks of each other. Public proof-of-concept exploit code is available, increasing the urgency for patches. Affected systems include all major Linux distributions, with AlmaLinux, Red Hat, and Ubuntu among those issuing advisories. Administrators are urged to apply patches or disable vulnerable modules to mitigate risks. The situation is critical as the vulnerability is actively exploitable, with significant implications for multi-tenant environments. Key Points: • Fragnesia (CVE-2026-46300) allows local users to escalate privileges to root on Linux systems. • The vulnerability exploits a flaw in the XFRM ESP-in-TCP subsystem, affecting all major Linux distributions. • Public exploit code is available, prompting immediate patching or mitigation actions from administrators.

Key Entities

  • Privilege Escalation (attack_type)
  • Zero-day Exploit (attack_type)
  • Alma Linux (company)
  • CloudLinux (company)
  • Debian (company)
  • Fedora (company)
  • Microsoft (company)
  • AlmaLinux (platform)
  • Amazon Linux (platform)
  • Gentoo (platform)
  • Red Hat Enterprise Linux (platform)
  • CentOS Stream (platform)
  • CVE-2026-31431 (cve)
  • CVE-2026-43284 (cve)
  • CVE-2026-43500 (cve)
  • CVE-2026-46300 (cve)
  • CWE-269 - Improper Privilege Management (cwe)
  • Cwe-787 - Out-of-bounds Write (cwe)
  • bugs.almalinux.org (domain)
  • tools.at (domain)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • Copy Fail (vulnerability)
  • Dirty Cow (vulnerability)
  • Dirty Frag (vulnerability)
  • DirtyFrag (vulnerability)
  • Fragnasia (vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed