"Researchers at Wiz have published an analysis of "Fragnesia," a Linux kernel local privilege escalation flaw discovered by William Bowling of the V12 security team that allows unprivileged users to gain root by corrupting page cache memory. The bug, tracked as CVE-2026-46300, has public proof-of-concept exploit code documented by V12 on GitHub that demonstrates the vulnerability being used against /usr/bin/su to spawn a root shell."
"According to Google-owned Wiz, the flaw sits in the Linux kernel's XFRM subsystem, specifically ESP-in-TCP processing tied to IPsec support. By carefully triggering the bug, attackers can modify protected file data in memory without changing the original files stored on disk. Wiz describes Fragnesia as part of the broader "Dirty Frag" bug family rather than a completely separate class of issue."
""Fragnesia" emerged as an unintended side effect of patches shipped to fix the original Dirty Frag vulnerabilities, adding yet another entry to the long tradition of security fixes accidentally creating new security problems. As The Register previously reported, Dirty Frag followed hot on the heels of Copy Fail, another Linux kernel privilege escalation flaw that abused page cache handling to overwrite supposedly read-only files."
Fragnesia is a Linux kernel local privilege escalation vulnerability tracked as CVE-2026-46300. Unprivileged users can gain root by corrupting page cache memory. The flaw is located in the XFRM subsystem, specifically ESP-in-TCP processing tied to IPsec support. Attackers can trigger the bug to modify protected file data in memory without changing the original files stored on disk. Public proof-of-concept exploit code demonstrates exploitation against /usr/bin/su to spawn a root shell. The issue is described as part of the broader Dirty Frag bug family, which already had public exploit code and unusually reliable privilege escalation. Fragnesia is reported as an unintended side effect of patches intended to fix Dirty Frag vulnerabilities.
Read at theregister
Unable to calculate read time
Collection
[
|
...
]