Fragnesia
A flaw in the Linux kernel's XFRM ESP-in-TCP subsystem allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, which can be exploited to overwrite privileged binaries and gain root privileges.
Details
- Write-up
- https://github.com/v12-security/pocs/tree/main/fragnesia
- CVEs
- CVE-2026-46300 CVSS 7.8
- Authors
- William Bowling, V12
- Patch
- f84eca581739
The patch has not been included in a stable kernel release yet. Some distributions might have already backported it.
Timeline
- Patch submitted to netdev mailing list[3]
- PoC and writeup published, CVE assigned[2]
- Patch applied to netdev branch[1]
Mitigation
Blacklist affected kernel modules
IPsec connectivity will be lost, which won't be an issue for normal desktop users.
printf 'install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
' > /etc/modprobe.d/fragnesia.conf
rmmod esp4 esp6 rxrpc 2>/dev/null
echo 1 > /proc/sys/vm/drop_cachesSources
- https://lists.openwall.net/netdev/2026/05/15/20
- http://www.openwall.com/lists/oss-security/2026/05/13/3
- https://lists.openwall.net/netdev/2026/05/13/79