New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation
CVE-2026-46300, known as Fragnesia, is a Linux kernel vulnerability in the XFRM ESP-in-TCP subsystem that allows a local attacker to escalate privileges to root by overwriting sensitive system files. It is similar to previous vulnerabilities Dirty Frag and Copy Fail. A proof-of-concept exploit exists, but there is no evidence of exploitation in the wild. Multiple Linux distributions are affected and have started releasing patches. Microsoft has urged organizations to apply these patches promptly.
AI Analysis
Technical Summary
Fragnesia (CVE-2026-46300) is a local privilege escalation vulnerability in the Linux kernel's XFRM ESP-in-TCP subsystem. It enables an unprivileged attacker to gain root permissions by exploiting a memory write primitive to corrupt page cache memory of critical binaries such as /usr/bin/su or other user-readable files like /etc/passwd. This vulnerability is in the same class as Dirty Frag and Copy Fail, which also target kernel memory corruption to escalate privileges. While a proof-of-concept exploit is publicly available, no confirmed in-the-wild exploitation has been reported. Linux distributions have begun releasing patches to address this issue.
Potential Impact
Successful exploitation of Fragnesia allows a local attacker to gain root privileges on affected Linux systems by modifying sensitive system files. This can lead to full system compromise. Although no active exploitation has been confirmed, the availability of a proof-of-concept exploit increases the risk. The vulnerability affects a majority of Linux distributions, indicating broad impact potential.
Mitigation Recommendations
Patches addressing CVE-2026-46300 have been released by most Linux distributions. Organizations should apply these official patches as soon as possible to mitigate the risk of privilege escalation. Microsoft and other vendors have strongly recommended prompt patching. Nothing indicates that the vulnerability is already mitigated or that action is unnecessary.
Technical Details
- Article Source: https://www.securityweek.com/new-linux-kernel-vulnerability-fragnesia-allows-root-privilege-escalation/ (fetched 2026-05-14T13:51:37.167Z)
Threat ID: 6a05d369ec166c07b0e3214a
Added to database: 5/14/2026, 1:51:37 PM
Last enriched: 5/14/2026, 1:51:49 PM
Last updated: 5/15/2026, 6:27:13 AM