## Linux Kernel Flaw Fragnesia Grants Root Access via XFRM Subsystem; PoC Exploit Public
Security researchers at Wiz have disclosed "Fragnesia," a critical Linux kernel local privilege escalation vulnerability that permits unprivileged users to obtain root-level access by corrupting page cache memory. Tracked as CVE-2026-46300, the flaw was discovered by William Bowling of the V12 security team and resides in the Linux kernel's XFRM subsystem, specifically in ESP-in-TCP processing associated with IPsec support. Public proof-of-concept exploit code, documented by V12 on GitHub, demonstrates the vulnerability targeting /usr/bin/su to spawn a root shell. Wiz, the Google-owned cloud security firm, characterizes Fragnesia as part of the broader "Dirty Frag" bug family rather than a distinct vulnerability class, suggesting systemic weaknesses in the kernel networking stack that continue to surface weeks after the original Dirty Frag disclosure.

The technical mechanism behind Fragnesia enables attackers to modify protected file data in memory without altering the original files stored on disk, creating a stealthy pathway for privilege escalation. This approach differs from traditional file-based attacks and leverages the kernel's page cache handling to achieve code execution at elevated privileges. The vulnerability affects systems utilizing IPsec functionality, which is standard in many enterprise Linux deployments. Security practitioners should note that the flaw requires local access to trigger, distinguishing it from remote execution vulnerabilities but making it particularly dangerous in multi-user environments, containers, or compromised shared hosting scenarios.

The disclosure intensifies pressure on Linux distribution maintainers to release patches for this high-severity flaw. Organizations running IPsec-enabled systems are advised to monitor vendor security bulletins and apply kernel updates urgently. The availability of public exploit code significantly lowers the barrier for threat actors to develop working exploits, increasing the practical risk for unpatched systems. This incident underscores recurring challenges in the Linux kernel's networking subsystem, where complex interactions between security features and memory management continue to produce severe vulnerabilities.

---

- **Source**: The Register
- **Sector**: The Lab
- **Tags**: CVE-2026-46300, Fragnesia, Dirty Frag, Linux kernel vulnerability, local privilege escalation
- **Credibility**: unverified
- **Published**: 2026-05-14 18:18:20
- **ID**: 83121
- **URL**: https://whisperx.ai/en/intel/83121