## Linux Kernel Fragnesia Flaw CVE-2026-46300 Exposes Ubuntu, RHEL, Debian to Root Compromise via XFRM ESP-in-TCP
A critical local privilege escalation vulnerability in the Linux kernel's XFRM ESP-in-TCP subsystem has been disclosed with a public proof-of-concept, creating immediate pressure on server administrators across major distributions. Tracked as CVE-2026-46300 and nicknamed "Fragnesia," the flaw allows any local user to escalate to root by exploiting improper SKB flag propagation during ESP-in-TCP packet processing. The vulnerability carries a high-severity rating, and while no in-the-wild exploitation has been observed, the availability of a working exploit dramatically lowers the barrier for targeted attacks.

The core issue resides in the `skb_try_coalesce()` function, which fails to propagate the `SKBFL_SHARED_FRAG` flag during packet coalescing operations. This oversight enables in-place decryption of shared page-cache fragments, effectively bypassing standard memory isolation between processes. According to the Tenable analysis, the proof-of-concept manipulates `/usr/bin/su` in the page cache through user and network namespace primitives, allowing an unprivileged local user to overwrite privileged binaries and execute arbitrary code with root permissions. The flaw affects Ubuntu, Red Hat Enterprise Linux, Debian, and potentially other Linux distributions running vulnerable kernel versions.
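The flag-propagation failure described above can be shown with a simplified user-space model. This is an added example, not kernel code and not the public proof-of-concept: `struct buf`, `coalesce()`, `transform()` and `shared_page_modified()` are hypothetical names, `SHARED_FRAG` stands in for `SKBFL_SHARED_FRAG`, and an XOR stands in for decryption.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define SHARED_FRAG 0x1 /* stand-in for SKBFL_SHARED_FRAG */
#define MAX_FRAGS 4
/* Toy packet buffer (not the kernel's sk_buff): flags plus fragment pointers. */
struct buf {
    unsigned flags;
    int nr_frags;
    unsigned char *frag[MAX_FRAGS];
    size_t len[MAX_FRAGS];
};

/* Append src's fragments to dst; propagate=false models the dropped flag. */
static void coalesce(struct buf *dst, struct buf *src, bool propagate) {
    for (int i = 0; i < src->nr_frags && dst->nr_frags < MAX_FRAGS; i++) {
        dst->frag[dst->nr_frags] = src->frag[i];
        dst->len[dst->nr_frags++] = src->len[i];
    }
    if (propagate)
        dst->flags |= src->flags & SHARED_FRAG;
}

/* Stand-in for decryption: in place unless the buffer is marked shared. */
static void transform(struct buf *b) {
    unsigned char priv[64];
    for (int i = 0; i < b->nr_frags; i++) {
        unsigned char *p = b->frag[i];
        if (b->flags & SHARED_FRAG)
            p = memcpy(priv, p, b->len[i]); /* work on a private copy */
        for (size_t j = 0; j < b->len[i]; j++)
            p[j] ^= 0x5a;
    }
}

/* True if the constructed "page cache" page was modified by transform(). */
static bool shared_page_modified(bool propagate) {
    unsigned char page[16], own[16] = {0};
    memset(page, 'A', sizeof page); /* constructed shared page contents */
    struct buf head = { 0, 1, { own }, { sizeof own } };
    struct buf tail = { SHARED_FRAG, 1, { page }, { sizeof page } };
    coalesce(&head, &tail, propagate);
    transform(&head);
    return page[0] != 'A';
}

int main(void) {
    printf("flag dropped: %d, propagated: %d\n", shared_page_modified(false), shared_page_modified(true));
}
```

With the flag dropped, the merged buffer looks privately owned and the shared page is rewritten in place; with the flag carried over, the transform works on a copy and the shared page is left intact.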

Patches were released on May 13, and distribution-specific updates are available for major platforms. As a temporary mitigation, administrators can blacklist the affected kernel module to reduce exposure. Organizations running affected Linux environments are urged to prioritize patching given the public exploit status, particularly for systems where local user access is permitted. The incident highlights ongoing complexity in the Linux kernel's network stack, where subtle protocol implementation details can create severe security consequences when combined with modern container and namespace isolation features.

---
- **Source**: Mastodon:mastodon.social:#cybersecurity
- **Sector**: The Lab
- **Tags**: CVE-2026-46300, Fragnesia, Linux kernel, privilege escalation, XFRM
- **Credibility**: unverified
- **Published**: 2026-05-14 21:18:38
- **ID**: 83190
- **URL**: https://whisperx.ai/en/intel/83190