Linux distributions are informing customers a few new kernel vulnerability that may be exploited by a neighborhood attacker to escalate privileges to root.
Dubbed Fragnesia and formally tracked as CVE-2026-46300, the problem resides within the kernel’s XFRM ESP-in-TCP subsystem, permitting an unprivileged attacker to realize root permissions by overwriting delicate system recordsdata.
A majority of Linux distributions are affected, they usually have began releasing patches.
A proof-of-concept (PoC) exploit is accessible, however there is no such thing as a proof that Fragnesia has been exploited within the wild.
“Just like Soiled Frag, Fragnesia exploits a vulnerability within the XFRM ESP-in-TCP subsystem to attain a reminiscence write primitive within the kernel,” Microsoft’s risk intelligence staff stated.
“The primitive is then used to deprave the web page cache reminiscence of the [/]usr[/]bin[/]su binary, which in flip results in launching a shell with root privilege. Observe that exploitation just isn’t constrained to make use of the [/]usr[/]bin[/]su binary; it may possibly modify any file readable by the person, together with [/]and many others[/]passwd,” it added.
Microsoft has urged organizations to use the out there patches as quickly as potential.
Fragnesia is in the identical class of vulnerabilities because the lately disclosed Soiled Frag and Copy Fail.
Copy Fail has been exploited within the wild, and Microsoft famous shortly after Soiled Frag’s disclosure that it too could have been leveraged in malicious assaults.
The tech large reported on Might 8 that its Defender product had seen restricted in-the-wild exercise that would point out exploitation of both Soiled Frag or Copy Fail.
On the time of writing, there don’t look like another studies confirming the exploitation of Soiled Frag.
