A new Linux local privilege escalation exploit called Fragnesia has just been released publicly.
The exploit abuses a flaw in the Linux kernel’s ESP/XFRM subsystem to corrupt the page cache of trusted read-only files and gain root privileges.
Like Dirty Frag and Copy Fail, the attack only modifies files in memory, meaning the original file on disk remains unchanged. This makes detection harder since normal integrity checks may not notice the tampering.
Systems vulnerable to Dirty Frag are also affected by Fragnesia. If the Dirty Frag-related kernel modules it requires are disabled, the system is not vulnerable.
Recommended mitigation for now:
- disable the esp4, esp6, and rxrpc kernel modules
- update to patched kernels once distributions release fixes
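As an added example (not part of the original post or of the PoC repository), a POSIX shell script that reports whether the three modules named above are loaded and writes a modprobe.d fragment that refuses to load them; the config file name is an assumption, and `apply` must run as root.

```shell
#!/bin/sh
# Added example: check and disable the esp4, esp6 and rxrpc kernel modules.
MODULES="esp4 esp6 rxrpc"
CONF="/etc/modprobe.d/disable-fragnesia.conf"   # assumed path; any name in modprobe.d works

# Print "loaded", "available" or "absent" for one module name.
# Reads /proc/modules directly so it does not depend on lsmod.
module_state() {
    mod="$1"
    if grep -q "^${mod} " /proc/modules 2>/dev/null; then
        echo loaded
    elif modinfo -n "$mod" >/dev/null 2>&1; then
        echo available
    else
        echo absent
    fi
}

# Emit the modprobe.d lines for one module. "install <mod> /bin/false" makes
# every modprobe of that module fail, including the kernel's own on-demand
# requests; a bare "blacklist" line only stops alias-based autoloading and
# still allows an explicit "modprobe <mod>", so both are written.
disable_lines() {
    printf 'install %s /bin/false\nblacklist %s\n' "$1" "$1"
}

# Render the complete config file content for all modules.
render_conf() {
    for m in $MODULES; do disable_lines "$m"; done
}

report() {
    for m in $MODULES; do printf '%-6s %s\n' "$m" "$(module_state "$m")"; done
}

apply() {
    render_conf > "$CONF"
    # Unload anything already loaded. modprobe -r fails if the module is in
    # use (e.g. active IPsec SAs); in that case a reboot is required.
    for m in $MODULES; do
        [ "$(module_state "$m")" = loaded ] && modprobe -r "$m" 2>/dev/null || true
    done
}

case "${1:-report}" in
    report) report ;;
    apply)  apply ;;
    *)      echo "usage: $0 [report|apply]" >&2 ;;
esac
```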
PoC: https://github.com/v12-security/pocs/tree/main/fragnesia