New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
Fragnesia (CVE-2026-46300, CVSS 7.8) — Linux kernel LPE in the XFRM ESP-in-TCP subsystem lets local attackers modify read-only page-cache content for root. Third such bug in two weeks.
What’s new: A new local privilege escalation (LPE) vulnerability in the Linux kernel, tracked as CVE-2026-46300 with a CVSS score of 7.8, has been identified. Named Fragnesia, this vulnerability allows unprivileged local attackers to gain root access by exploiting a flaw in the XFRM ESP-in-TCP subsystem, enabling them to modify read-only file contents in the kernel page cache. This is the third such vulnerability reported within two weeks.
Who’s affected
Multiple Linux distributions are affected, including AlmaLinux, Amazon Linux, CloudLinux, Debian, Gentoo, Red Hat Enterprise Linux, SUSE, and Ubuntu. Users of these distributions should be aware of the potential for exploitation.
What to do
- Apply available patches as soon as possible.
- If patching is not feasible, implement mitigations similar to those for the Dirty Frag vulnerability, such as disabling esp4 and esp6, restricting local shell access, and enhancing monitoring for abnormal privilege escalation activities.
