- New Linux kernel flaw CVE-2026-46300 “Fragnesia” allows local attackers to gain root
- Discovered by William Bowling of Zellic;
- PoC shows /usr/bin/su page cache corruption to get root shell
Security researchers have discovered a new vulnerability in the Linux kernel that could allow malicious actors to execute code with elevated privileges, exposing systems to the risk of data theft, malware deployment, and even full device takeover.
The vulnerability is tracked as CVE-2026-46300 and was assigned a severity score of 7.8/10 (High). It’s called Fragnesia and it apparently falls into the same vulnerability class as Dirty Frag, another kernel bug that was recently revealed.
While Dirty Frag chains multiple failures, Fragnesia occurs in the form of a logic error in the Linux XFRM EST-in-TCP subsystem. By writing arbitrary bytes to the read-only file kernel page cache, unprivileged local attackers can gain root privileges, thereby compromising the entire system.
Patches and killswitches
The bug was discovered by Zellic’s William Bowling, who also shared a proof of concept (PoC) that “implements a memory write primitive in the kernel that is used to corrupt the page cache of the /usr/bin/su binary to gain a shell with root privileges.”
“Fragnesia is a member of the Dirty Frag vulnerability class. This is a separate bug in dirtyfrag’s ESP/XFRM that has received its own patch. However, it is on the same surface and the mitigation is the same as for dirtyfrag,” Bowling said. “It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve arbitrary byte writes to the read-only file kernel page cache, without requiring any race conditions.”
To mitigate the risk, Linux users should apply kernel updates for their distributions without delay.
Linux kernel vulnerabilities are a hot topic these days. Driven by Dirty Frag and Copy Fail, two recently revealed flaws, co-maintainer Sasha Levin proposed a new patch that would allow system administrators to temporarily disable a vulnerable kernel feature.
That way, if security researchers discover malicious code in the future, users can quickly tell the kernel not to use it. The feature would not fix the underlying problems, but since it would return an error, it could prevent the vulnerability from causing serious damage before a proper patch is deployed.
The new feature is currently being reviewed by the Linux community and has not yet been officially introduced.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
