Linux Kernel Local Privilege Escalation Vulnerability Exploited in Attacks (Fragnesia) (CVE-2026-46300)
Cybersecurity researchers have identified a new variant in the DirtyFrag family of Linux local privilege escalation vulnerabilities, named ‘Fragnesia’. Tracked as CVE-2026-46300, the vulnerability may allow an unprivileged local attacker to modify the contents of read-only files in the kernel page cache and gain root privileges.
The vulnerability has been named Fragnesia because the core bug is that the skb (socket buffer) “forgets” that a frag is shared during coalescing. William Bowling of the V12 security team discovered and reported the vulnerability.
Like Copy Fail and DirtyFrag (aka Copy Fail 2), Fragnesia immediately yields root on all major distributions: it achieves a memory-write primitive in the kernel and uses it to corrupt the page cache of the /usr/bin/su binary.
Vulnerability Details
Fragnesia targets the same XFRM ESP-in-TCP attack surface as DirtyFrag, but it stems from a distinct logic flaw and has been addressed with a separate patch. The vulnerability occurs when file-backed pages are spliced into a TCP receive queue before the socket switches to the ESP-in-TCP (espintcp) ULP mode, which can cause the kernel to process the queued file pages as ESP-encrypted data. By manipulating the AES-GCM keystream through carefully chosen IV nonces, an attacker can perform controlled single-byte writes to the page cache of read-only files without relying on race conditions.
How Does the Exploitation Work?
The exploit begins by creating isolated user and network namespaces with unshare(CLONE_NEWUSER | CLONE_NEWNET). This gives the attacker CAP_NET_ADMIN within the new namespace while remaining unprivileged on the actual host system.
Next, within the newly created network namespace, it establishes a transport-mode ESP security association over TCP via NETLINK_XFRM. The SA is configured with AES-128-GCM encryption, a cryptographic key known to the attacker, and SPI value 0x100.
To prepare for controlled corruption, the exploit generates a keystream lookup table. It constructs the 16-byte AES-GCM counter block for sequence number 2 as [salt || IV || 00000002] and encrypts it with the known key to produce a 16-byte keystream block. By varying the lower 32 bits of the 8-byte IV, it can obtain all 256 possible byte values within the first 65,536 nonce combinations.
The actual overwrite is triggered through a splice-and-ULP technique. A sender and a receiver process are spawned. The sender splices 4096 bytes from the target file, starting at the intended corruption offset, into a TCP stream, preceded by an ESP-in-TCP length field and an ESP header carrying the selected IV. The receiver waits to enable the TCP_ULP espintcp module until the data has already been queued in the socket buffer. Once it is enabled, the kernel decrypts the buffered ESP packet in place, applying the GCM keystream directly to the spliced page, which is the same physical page mapped in the VFS page cache.
This process is repeated one byte at a time for the payload. For every byte that differs from the intended value, the exploit recalculates the required keystream byte, selects the matching IV from the precomputed table, increments the ESP sequence counter, and triggers another sender/receiver cycle.
After all 192 payload bytes have been modified and verified, the exploit executes execve("/usr/bin/su"). Because the binary has already been altered in the page cache, the injected code runs, invoking setresuid(0,0,0) and setresgid(0,0,0) before launching /bin/sh with root privileges.
Affected versions
The vulnerability affects all kernel versions that were affected by DirtyFrag.
According to the GitHub advisory, any version without this patch (https://lists.openwall.net/netdev/2026/05/13/79), including Linux kernels from before May 13, 2026, is affected by this vulnerability.
Linux distributors have also released security advisories for this vulnerability. The list includes:
- SUSE
- Debian
- Ubuntu
- Gentoo
- AlmaLinux
- CloudLinux
- Amazon Linux
- Red Hat Enterprise Linux
Mitigation
The patch for this vulnerability is the same as for DirtyFrag.
The vendor's recommended step is to run the following commands, which remove the modules in which the vulnerabilities occur, block them from being loaded again, and clear the page cache:
rmmod esp4 esp6 rxrpc
printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf
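As an added example (not code from the Qualys post, the v12 advisory, or the kernel project), the following POSIX shell script checks whether that mitigation is actually in place on a host: it verifies that each of esp4, esp6 and rxrpc has an install override pointing at /bin/false in the modprobe.d file, and that none of them is currently loaded according to /proc/modules. The file paths are parameters so the same functions can be run against saved copies of another host's files; the function names (unblocked_modules, loaded_modules, check_mitigation), the script name and the default config path /etc/modprobe.d/dirtyfrag.conf taken from the commands above are assumptions of this example.

```shell
#!/bin/sh
# check_fragnesia_mitigation.sh (added example, not from the Qualys post
# or the advisory). Verifies that the modprobe "install <mod> /bin/false"
# mitigation for Fragnesia/DirtyFrag is present and that none of the
# affected modules is resident. File paths are parameters so the checks
# can also run against constructed or saved copies of the files.

# Modules the advisory's mitigation disables.
FRAGNESIA_MODULES="esp4 esp6 rxrpc"

# unblocked_modules CONF_FILE
# Prints (space-separated) the modules that lack an
# "install <mod> /bin/false" line in CONF_FILE.
# Returns 0 when every module is blocked, 1 otherwise.
unblocked_modules() {
    conf="$1"
    missing=""
    for m in $FRAGNESIA_MODULES; do
        # Tolerate leading whitespace; -s keeps a missing file quiet,
        # in which case every module counts as unblocked.
        if ! grep -Eqs "^[[:space:]]*install[[:space:]]+$m[[:space:]]+/bin/false([[:space:]]|\$)" "$conf"; then
            missing="$missing $m"
        fi
    done
    missing="${missing# }"
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# loaded_modules MODULES_FILE
# MODULES_FILE is in /proc/modules or lsmod format (module name is the
# first field). Prints the affected modules that are currently loaded.
# Returns 0 when none is loaded, 1 otherwise.
loaded_modules() {
    modfile="$1"
    found=""
    for m in $FRAGNESIA_MODULES; do
        if awk -v mod="$m" '$1 == mod { hit = 1 } END { exit !hit }' "$modfile"; then
            found="$found $m"
        fi
    done
    found="${found# }"
    printf '%s\n' "$found"
    [ -z "$found" ]
}

# check_mitigation CONF_FILE MODULES_FILE
# Prints "mitigated" (exit 0) only when all modules are blocked AND none
# is loaded; otherwise prints the reason and exits 1. Both checks are
# needed: an install override does not unload an already-resident module.
check_mitigation() {
    unblocked=$(unblocked_modules "$1") || true
    loaded=$(loaded_modules "$2") || true
    if [ -z "$unblocked" ] && [ -z "$loaded" ]; then
        echo "mitigated"
        return 0
    fi
    echo "not mitigated: unblocked=[$unblocked] loaded=[$loaded]"
    return 1
}

# When executed directly under its own name, check the live system
# (defaults: the advisory's config file name and /proc/modules).
if [ "${0##*/}" = "check_fragnesia_mitigation.sh" ]; then
    check_mitigation "${1:-/etc/modprobe.d/dirtyfrag.conf}" "${2:-/proc/modules}"
fi
```

Run it as `sh check_fragnesia_mitigation.sh` on the host, or pass alternative paths to check files collected from another machine. The exit status is 0 only when all three modules are both blocked and unloaded, so the script can be dropped into a compliance or fleet check; a host that has the modprobe.d file but still shows esp4 in /proc/modules is reported as not mitigated, which is exactly the state left behind if the rmmod step was skipped.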
For more information, please refer to the GitHub Security Advisory.
Qualys Detection
Qualys customers can scan their devices with QID 387375 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://github.com/v12-security/pocs/tree/main/fragnesia