A newly disclosed Linux kernel vulnerability dubbed Fragnesia (CVE-2026-46300) gives any unprivileged local user a direct path to root, no race condition required, affecting all Linux systems running kernels released before May 13, 2026.
Discovered by security researcher William Bowling and the V12 team, Fragnesia joins the growing Dirty Frag vulnerability class that has shaken Linux security since early May 2026, and a working public proof-of-concept exploit is already available.
Fragnesia is a universal Linux local privilege escalation (LPE) exploit that abuses a logic bug in the Linux kernel’s XFRM ESP-in-TCP subsystem. Unlike many kernel exploits that depend on fragile race-condition windows, Fragnesia achieves arbitrary byte writes into kernel page-cached read-only files with deterministic reliability.
It sits within the broader Dirty Frag family alongside CVE-2026-43284 and CVE-2026-43500, and extends the same page-cache write bug class previously seen in Dirty Pipe.
CVE-2026-46300: Fragnesia Linux Privilege Vulnerability
The name “Fragnesia” is technically apt: at its core, the bug causes a socket buffer (skb) to “forget” that a fragment is shared during coalescing, resulting in a memory-handling amnesia that becomes a root-level weapon in the hands of an attacker.
Red Hat’s security advisory classifies this as part of the broader RHSB-2026-003 networking subsystem privilege escalation family, noting that a user with only a local account can trigger the flaw to gain root-level administrator privileges.
Microsoft Security Intelligence confirmed the new variant on May 12, 2026, warning that it exploits the XFRM ESP-in-TCP subsystem to implement a memory-write primitive of the same class as Dirty Frag.
Fragnesia’s exploitation chain is surgical and highly automated, executing in six distinct stages without any race condition dependency.
- Namespace privilege setup: The exploit calls `unshare(CLONE_NEWUSER | CLONE_NEWNET)` to create a user and network namespace in which it holds `CAP_NET_ADMIN` without any real host privileges.
- XFRM SA installation: Inside the namespace, it installs a transport-mode ESP-in-TCP Security Association via `NETLINK_XFRM` using AES-128-GCM with a known key and SPI `0x100`.
- Keystream lookup table: The exploit builds a 256-entry table via `AF_ALG` that maps every possible AES-GCM keystream byte to a corresponding IV nonce, allowing the attacker to produce any desired byte value on demand.
- Splice-then-ULP trigger: A sender/receiver pair splices 4096 bytes from the target file into a TCP stream. When the receiver enables `TCP_ULP espintcp`, the kernel decrypts the queued ESP record in place, XORing the keystream directly into the splice-mapped page-cache entry of the target binary.
- Byte-by-byte payload write: The trigger is repeated for each byte of the payload that differs from the desired value, recomputing the required keystream byte, selecting the corresponding nonce, and firing a fresh trigger pair.
- Root shell execution: After 192 payload bytes of a position-independent ELF stub (`setresuid`/`setresgid`/`execve /bin/sh`) are verified in the page cache of `/usr/bin/su`, `execve("/usr/bin/su")` is called, dropping the attacker into a root shell.
Affected Versions and Mitigation
Every Linux kernel version affected by Dirty Frag is equally affected by Fragnesia, essentially all kernels without the patch published to the netdev mailing list on May 13, 2026. Exploitation has been confirmed on the Ubuntu kernel 6.8.0-111-generic #111-Ubuntu SMP PREEMPT_DYNAMIC running on commodity cloud infrastructure (Linode VPS).
The ESP vulnerability chain traces its roots back to a January 2017 kernel commit (cac2661c53f3) that moved IPsec ESP receive into an in-place decryption fast path, meaning the attack surface has existed silently for over nine years.
On Ubuntu systems, AppArmor’s default restriction on unprivileged user namespaces (`kernel.apparmor_restrict_unprivileged_userns=1`) provides a partial barrier, but the V12 team notes that the exploit can be chained with other bugs to get past it. Major distributions, including Red Hat Enterprise Linux, Fedora, openSUSE, and Ubuntu, have all issued advisories.
The mitigation for Fragnesia is identical to the Dirty Frag mitigation: unload and block the affected kernel modules immediately. Security teams should apply the following steps on all unpatched Linux systems:
- Unload vulnerable modules: `rmmod esp4 esp6 rxrpc`
- Blocklist permanently: Create `/etc/modprobe.d/dirtyfrag.conf` with entries blocking `esp4`, `esp6`, and `rxrpc` from loading on reboot.
- Drop page cache post-exploit: If exposure is suspected, run `echo 1 | tee /proc/sys/vm/drop_caches` or reboot immediately; any post-exploit execution of `su` will re-spawn a root shell until the page is evicted.
- Container environments: Restrict `AF_KEY`, `AF_RXRPC`, and XFRM netlink syscalls via seccomp profiles in container runtimes; the default Docker seccomp profile already blocks `AF_RXRPC` but not `AF_KEY` or XFRM netlink.
- Apply the kernel patch: Upgrade to a kernel incorporating the May 13, 2026, netdev patch as soon as your distribution publishes a stable update.
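The steps above as shell helpers, added here as an example (not code from the article or from the V12 team): a check for the vulnerable modules in a `/proc/modules`-style listing, a generator for the modprobe blocklist, and a tamper check that compares the page-cache-served content of a binary such as `/usr/bin/su` with the MD5 its package recorded at install time. The Debian-style md5sums file format and path (`/var/lib/dpkg/info/<pkg>.md5sums`) are assumptions; functions take their input as arguments so they can be exercised on constructed data without root.

```shell
#!/bin/sh
# Added example, not code from the article or from the V12 team: defender-side
# helpers for the mitigation steps above. Every function takes its input as an
# argument so it can be exercised on constructed data without root.

VULN_MODULES="esp4 esp6 rxrpc"

# Print which vulnerable modules appear in a /proc/modules-style listing
# (module name is the first field). Live host: loaded_vuln_modules "$(cat /proc/modules)"
loaded_vuln_modules() {
    listing="$1"
    for m in $VULN_MODULES; do
        printf '%s\n' "$listing" | awk -v mod="$m" '$1 == mod { print mod }'
    done
}

# Write the permanent blocklist (e.g. /etc/modprobe.d/dirtyfrag.conf).
# "blacklist" only stops alias-based autoloading; the "install ... /bin/false"
# line additionally makes an explicit "modprobe esp4" fail.
write_blocklist() {
    out="$1"
    : > "$out"
    for m in $VULN_MODULES; do
        printf 'blacklist %s\ninstall %s /bin/false\n' "$m" "$m" >> "$out"
    done
}

# Tamper check: hash the file as currently served (from the page cache if it is
# cached) and compare with the MD5 the package manager recorded at install time.
# Assumes a Debian-style md5sums file ("<md5>  usr/bin/su", paths relative to /),
# i.e. /var/lib/dpkg/info/<pkg>.md5sums. Returns 0 on match, 1 on mismatch,
# 2 if the file is not listed.
check_against_md5sums() {
    bin="$1"; sums="$2"
    rel="${bin#/}"
    expected=$(awk -v p="$rel" '$2 == p { print $1 }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(md5sum "$bin" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# After a mismatch, evict the page cache so the next read comes from disk (root).
evict_page_cache() {
    sync
    echo 1 > /proc/sys/vm/drop_caches
}
```

On a Debian or Ubuntu host, find the package that owns `su` with `dpkg -S /usr/bin/su` (util-linux on recent releases, assumed here) and pass its md5sums file as the second argument; on RPM-based systems `rpm -V` performs the equivalent comparison.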
FAQ
Q1: What is CVE-2026-46300 (Fragnesia)?
It is a Linux kernel local privilege escalation flaw in the XFRM ESP-in-TCP subsystem that allows any unprivileged local user to gain root access via deterministic page-cache byte writes, with no race condition required.
Q2: Which Linux versions are affected by Fragnesia?
All Linux kernel versions lacking the May 13, 2026, netdev patch are vulnerable, spanning kernels back to at least January 2017 when the in-place ESP decryption fast path was introduced.
Q3: How does Fragnesia differ from Dirty Frag?
While both exploit the same XFRM/ESP surface and share the same mitigation, Fragnesia is a distinct code bug that targets the skb shared-fragment coalescing logic rather than the same flaw patched by the original Dirty Frag CVEs.
Q4: How can organizations immediately protect their Linux systems from Fragnesia?
Unload and block the esp4, esp6, and rxrpc kernel modules immediately, apply seccomp restrictions in containerized environments, and prioritize kernel patching across all builds, including the May 13, 2026, netdev fix.
Site: thecybrdef.com