A new Linux local privilege escalation exploit called Fragnesia has just been released publicly.
The exploit abuses a flaw in the Linux kernel’s ESP/XFRM subsystem to corrupt the page cache of trusted read-only files and gain root privileges.
Like Dirty Frag and Copy Fail, the attack only modifies files in memory, meaning the original file on disk remains unchanged. This makes detection harder since normal integrity checks may not notice the tampering.
Fragnesia (CVE-2026-46300) is separate from Dirty Frag. It affects the XFRM ESP-in-TCP path, so Dirty Frag vulnerability status alone does not determine whether a system is affected by Fragnesia. Disabling the esp4, esp6, and rxrpc modules mitigates both issues for now, but Dirty Frag kernel patches do not fix Fragnesia.
Recommended mitigation for now:
- disable the esp4, esp6, and rxrpc kernel modules
- apply the specific kernel patch for CVE-2026-46300 once distributions release fixes instead of relying on module disabling as a long-term solution
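
To confirm the module-disable mitigation is actually in effect on a host, the following added example (not part of the original post) audits the three modules. It assumes the modules were disabled with `install <module> /bin/false` rules under `/etc/modprobe.d`; the function names and the `--audit` switch are illustrative.

```shell
#!/usr/bin/env bash
# Added example: audit the esp4/esp6/rxrpc module-disable mitigation.
MODULES="esp4 esp6 rxrpc"

# Succeeds if module $1 is listed in a /proc/modules-format file ($2).
# Only the first column is matched, not the "used by" column.
is_loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "${2:-/proc/modules}"
}

# Succeeds if a modprobe.d-style directory ($2) holds an
# "install <module> /bin/false" (or /bin/true) rule for module $1.
# Assumption: install rules are how the modules were disabled; a bare
# "blacklist" line does not stop an explicit modprobe, so it is not counted.
is_blocked() {
    local dir="${2:-/etc/modprobe.d}"
    [ -d "$dir" ] || return 1
    cat "$dir"/*.conf 2>/dev/null | awk -v m="$1" '
        $1 == "install" && $2 == m && $3 ~ /^(\/usr)?\/bin\/(false|true)$/ { hit = 1 }
        END { exit !hit }'
}

# Prints one status word for module $1: LOADED, BLOCKED or LOADABLE.
module_status() {
    if is_loaded "$1" "$2"; then
        echo LOADED      # already in the kernel; a rule alone does not unload it
    elif is_blocked "$1" "$3"; then
        echo BLOCKED     # not loaded and modprobe is told to refuse it
    else
        echo LOADABLE    # not loaded now, but can still be loaded on demand
    fi
}

# Reports all three modules; returns non-zero unless every one is BLOCKED.
audit() {
    local rc=0 m s
    for m in $MODULES; do
        s=$(module_status "$m" "$1" "$2")
        printf '%-6s %s\n' "$m" "$s"
        [ "$s" = BLOCKED ] || rc=1
    done
    return $rc
}

# Check the live system only when asked to.
if [ "${1:-}" = "--audit" ]; then audit; fi
```

A module reported as LOADED needs to be unloaded, or the host rebooted after the rule is in place, before the mitigation applies to it.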
PoC: https://github.com/v12-security/pocs/tree/main/fragnesia