Linux distros are deploying patches for Fragnasia (CVE-2026-46300), a high-severity Linux kernel flaw in the XFRM ESP-in-TCP subsystem that can let unprivileged local attackers gain root privileges. The issue is linked to the Dirty Frag vulnerability class and comes as administrators are also dealing with the actively exploited Copy Fail flaw and earlier root-level bugs like Pack2TheRoot. #Fragnasia #CVE-2026-46300 #DirtyFrag #CopyFail #Pack2TheRoot #XFRM
Keypoints
- Fragnasia is a new Linux kernel privilege escalation flaw tracked as CVE-2026-46300.
- The bug affects the XFRM ESP-in-TCP subsystem and can let local attackers gain root access.
- William Bowling of Zellic disclosed the flaw and shared a proof-of-concept exploit.
- The issue is related to the Dirty Frag vulnerability class and affects Linux kernels before May 13, 2026.
- Linux users should patch immediately or apply mitigations that disable vulnerable kernel modules.