Security researchers have uncovered a new local privilege escalation (LPE) vulnerability in the Linux kernel, designated CVE-2026-46300 and nicknamed Fragnesia. This flaw belongs to the same class of vulnerabilities as the recently disclosed Dirty Frag bugs, and it was unintentionally introduced by a security patch that aimed to fix one of those earlier issues.

Background: The Dirty Frag family

The Dirty Frag vulnerabilities were a set of Linux kernel bugs discovered by Hyunwoo Kim, affecting the xfrm-ESP (IPsec Encapsulating Security Payload) module. These flaws allowed local attackers to corrupt kernel memory and escalate privileges. In response, kernel maintainers developed a patch for CVE-2026-43284, one of the original Dirty Frag CVEs. However, this patch inadvertently created a new attack surface by altering memory management behavior in a way that opened the door to Fragnesia.

Fragnesia was discovered by William Bowling of Zellic.io, using the company’s AI-driven software auditing tool. The research team published a technical explainer and proof-of-concept exploit code, demonstrating that unprivileged local attackers can modify read-only file contents stored in the kernel page cache. By corrupting the page cache in a deterministic manner, an attacker can achieve root privileges on the target system.

Technical details of CVE-2026-46300

The vulnerability resides in the same xfrm-ESP module that housed the original Dirty Frag bugs. The core issue is a race condition in how the kernel handles IPsec packet reassembly. When a packet fragment arrives, the kernel stores it in a data structure within the xfrm-ESP code. The flawed patch introduced a scenario where a specially crafted sequence of fragments can cause the kernel to incorrectly manage memory references, leading to a use-after-free condition. This, in turn, allows an attacker to overwrite read-only memory pages, including those used for the page cache.

Because the page cache is a shared resource—even between containers on the same host—the impact extends beyond single-user workstations. In multi-tenant environments like cloud servers, CI runners, build farms, and container clusters, a successful exploit can compromise all users or workloads sharing the same kernel. Microsoft’s threat analysts noted that an attacker can modify any file readable by the user, including critical system binaries such as /usr/bin/su or configuration files like /etc/passwd.

Exploitation scenario

The public proof-of-concept overwrites the /usr/bin/su binary in the page cache with a malicious version, effectively backdooring the setuid binary. When a legitimate user then uses the su command, the attacker’s code executes with root privileges. Since the corruption is purely in memory (the page cache), the underlying disk image remains intact until the cache is flushed or the system is rebooted. This makes detection difficult, as file integrity checks on disk will not reveal the compromise.

Researchers emphasized that exploitation is not limited to su; any file readable by the attacker can be targeted. For example, modifying /etc/passwd could grant the attacker a root shell on the next login attempt. The deterministic nature of the corruption—achieved by specific fragment timings—makes the attack highly reliable once the attacker gains unprivileged code execution on the target.

Mitigation and patching status

Linux distribution vendors have begun releasing kernel patches. AlmaLinux and CloudLinux were among the first to provide updated kernels. For environments where immediate patching is not possible, administrators can mitigate the risk by unloading the vulnerable kernel modules: esp4, esp6, and rxrpc. These modules handle IPsec ESP packet processing and the RxRPC protocol, both of which expose the code path containing Fragnesia. Blacklisting or unloading them prevents the vulnerable code from being executed.

CloudLinux also warned that the mitigation alone may not be sufficient if an attacker has already exploited the vulnerability before the modules were unloaded. They recommend dropping the entire page cache after applying mitigations to force a reload from disk. The command sudo sh -c "echo 3 > /proc/sys/vm/drop_caches" will clear clean page cache entries, removing any potentially corrupted data from memory.

Comparison with Copy Fail

While Fragnesia is a newly discovered bug, it follows a pattern similar to the Copy Fail vulnerability (CVE-2026-2154), which was also a Linux kernel LPE in the cryptographic subsystem. Copy Fail has already been exploited in the wild and was added to CISA’s Known Exploited Vulnerabilities catalog earlier in 2026. Although there is no evidence of in-the-wild exploitation of Fragnesia yet, the similarities suggest it is only a matter of time before attackers weaponize it.

For Copy Fail, the temporary mitigation involves unloading the algif_aead module, which exposes the affected code. In both cases, the kernel community has responded quickly, but the rapid succession of such bugs—Dirty Frag, Copy Fail, Fragnesia—raises concerns about the complexity of memory management in network and crypto subsystems.

Risk assessment and affected environments

Fragnesia poses the greatest risk to:

• Shared Linux hosts where multiple users share a single kernel, such as university servers or multitenant hosting platforms.
• Container clusters (e.g., Docker, Kubernetes) where the page cache is shared across the host and containers share a kernel.
• CI runners and build farms where many short-lived processes run with varying privileges.
• Cloud SaaS solutions that execute user code in sandboxed environments; a successful break-out could compromise the entire platform.

Single-user workstations and single-tenant servers are less likely to be targeted because the attacker would already need unprivileged access to the machine. However, once inside, a low-privileged user or a malicious container can leverage Fragnesia to gain full root control.

Long-term implications

The discovery of Fragnesia underscores a growing trend: security patches can inadvertently introduce new vulnerabilities. The Linux kernel is a massive codebase with many interdependent subsystems. As AI-assisted auditing tools become more prevalent, researchers are finding bugs that might have remained latent for years. The xfrm-ESP module, which handles IPsec traffic, is a particularly rich hunting ground because it deals with complex packet parsing and memory allocation.

Administrators are advised to stay vigilant and apply kernel updates as soon as they become available. Automating the detection and unloading of vulnerable modules can reduce the window of exposure. Additionally, organizations using container orchestration should consider using seccomp profiles, AppArmor, or SELinux to further restrict what an unprivileged attacker can do even after gaining a foothold.

Researchers from Microsoft’s threat intelligence team reiterated that while no active exploitation has been observed for Fragnesia, the proof-of-concept code is publicly available. Attackers typically integrate such exploits into their toolkits within weeks of disclosure. The window for proactive defense is narrow.

Linux distributions continue to release patches. For the latest information, sysadmins should monitor their vendor’s security advisories. In the interim, the recommended actions are to unload the esp4, esp6, and rxrpc modules, blacklist them in configuration files, clear the page cache, and prepare to deploy vendor-supplied kernel updates as soon as they arrive.

Source: Help Net Security News