- New Linux kernel flaw CVE-2026-46300 “Fragnesia” allows local attackers to gain root
- Discovered by William Bowling of Zellic;
- PoC shows corruption of /usr/bin/su page cache to get root shell
Security researchers have discovered a new vulnerability in the Linux kernel that could allow malicious actors to run code with elevated privileges, putting systems at risk of data theft, malware deployment, and even full device takeover.
The vulnerability is tracked as CVE-2026-46300 and received a severity score of 7.8/10 (high). Nicknamed Fragnesia, it is apparently in the same vulnerability class as Dirty Frag, another recently disclosed kernel flaw.
While Dirty Frag chains multiple errors, Fragnesia comes in the form of a logic error in the Linux XFRM EST-in-TCP subsystem. By writing arbitrary bytes to the kernel page cache in read-only files, unprivileged local attackers can gain root privileges and thus compromise the entire system.
Patches and killswitches
The flaw was discovered by William Bowling of Zellic, who also shared a proof-of-concept (PoC) that “obtains a memory-write primitive in the kernel that is used to destroy the page cache memory in the /usr/bin/su binary to obtain a shell with root privileges.”
“Fragnesia is a member of the Dirty Frag vulnerability class. This is a separate bug in ESP/XFRM from dirtyfrag, which has received its own patch. However, it is in the same surface and the remediation is the same as for dirtyfrag,” Bowling said. “It exploits a logic flaw in the Linux XFRM ESP-in-TCP subsystem to achieve arbitrary byte writes in the kernel page cache of read-only files without requiring any race condition.”
To mitigate the risk, Linux users should apply kernel updates to their distros without delay.
Linux kernel vulnerabilities are a hot topic these days. Prompted by both Dirty Frag and Copy Fail, two recently disclosed bugs, co-maintainer Sasha Levin proposed a new patch that would allow system administrators to temporarily disable a vulnerable kernel feature.
That way, if security researchers discover malicious code in the future, users will be able to quickly instruct the kernel not to use it. The feature does not fix underlying problems, but since the feature would return an error, it could prevent the vulnerability from causing serious damage until a proper patch is implemented.
The new feature is currently being reviewed by the Linux community and has not yet been officially introduced.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
