“Fragnesia”: Next Privilege Escalation Vulnerability in Linux Kernel

Microsoft has issued a warning about a new variant of the CopyFail vulnerability in the Linux kernel called “Fragnesia.” It grants root privileges.

Microsoft is now warning users about another vulnerability in the Linux kernel called “Fragnesia.” It also grants attackers access to the root level of the system. According to Microsoft on Bluesky [2], this is another variant of the “Dirty Frag” vulnerability [3], which was disclosed last weekend. The XFRM-ESP subsystem in IPsec is also affected.

“Fragnesia” exploits an error in XFRM ESP-in-TCP to gain write access to the kernel. The attack manipulates the page cache entry for the binary “/usr/bin/su,” allowing an attacker to subsequently spawn a root shell (CVE-2026-46300, CVSS score 9.9 according to Red Hat [4], rated high; Ubuntu’s rating matches [5]).

The vulnerability was originally discovered by William Bowling of Zellic, who used the company’s AI-powered vulnerability discovery tool V12. On GitHub, he has published a project [6] containing an exploit for the security flaw as well as mitigations and source code patches.

heise security News