Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)
Vulnerability
Summary
Fragnesia adds a fresh Linux kernel local privilege-escalation path, putting unprivileged local attackers on a route to root access across major distributions. The flaw is tracked as CVE-2026-46300 and sits in the kernel's XFRM ESP-in-TCP subsystem, where it enables deterministic page-cache corruption. Multiple vendors have issued advisories, a patch is available, and a proof-of-concept exploit has already been released. No in-the-wild exploitation has been observed yet, but the bug's read-only file tampering and privilege-escalation impact make it urgent for exposed Linux systems.
Related Happenings
Linux kernel RDS PinTheft local privilege escalation flaw (public PoC)
Vulnerability
First: 20.05.2026 13:52
Last: 20.05.2026 13:52
Sources 1
About this happening:
**PinTheft** now has a **public PoC exploit**, turning a recently patched **Linux kernel RDS** flaw into a practical **local privilege escalation** risk for **Arch Linux** systems...
Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)
Vulnerability
First: 18.05.2026 10:18
Last: 18.05.2026 10:18
Sources 1
About this happening:
A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...
Berz0k advertises zero-day Linux LPE exploit for sale
Threat Actor Meta
First: 14.05.2026 10:06
Last: 14.05.2026 10:06
Sources 1
How related:
The development comes as a threat actor named "berz0k" has been observed advertising on cybercrime forums a zero-day Linux LPE exploit for $170,000, claiming it works on multiple major Linux distributions.
About this happening:
**berz0k** is advertising a **zero-day Linux LPE exploit** for **$170,000** on **cybercrime forums**, signaling active monetization of root-level access in the exploit market. The...
Linux kernel Dirty Frag and Copy Fail 2 privilege escalation (multiple vulnerabilities)
Vulnerability
First: 11.05.2026 11:15
Last: 11.05.2026 11:15
Sources 1
About this happening:
A newly disclosed **Linux kernel** local privilege-escalation flaw, **Dirty Frag and Copy Fail 2**, can let an unprivileged user reach **root** on affected systems. The bug chains...
Linux kernel Dirty Frag local root escalation privilege-escalation flaw
Vulnerability
First: 08.05.2026 10:45
Last: 08.05.2026 10:45
Sources 1
About this happening:
**Dirty Frag** is a newly disclosed **Linux kernel** zero-day that can give **local attackers root privileges** on **most major Linux distributions**. The flaw is anchored in the...
Timeline
14.05.2026 16:00 2 articles · 13d ago
Fragnesia disclosed with public PoC
Initial Disclosure
Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.
Sources:
- New Fragnesia Flaw Hands Linux Local Users Root Access — www.infosecurity-magazine.com — 14.05.2026 16:00
14.05.2026 16:00 1 articles · 13d ago
Candidate fix and interim defenses emerge
Mitigation Patch Update
A candidate upstream fix for Fragnesia was submitted to the netdev mailing list on May 13, 2026, while mainline Linux had not yet merged the patch. Several Linux distributions began shipping backported fixes, and administrators who had disabled esp4, esp6, and rxrpc as a Dirty Frag workaround were also covered against Fragnesia until patched kernels were available.
Sources:
- New Fragnesia Flaw Hands Linux Local Users Root Access — www.infosecurity-magazine.com — 14.05.2026 16:00
14.05.2026 10:06 2 articles · 13d ago
Fragnesia CVE-2026-46300 disclosure and patch guidance
Initial Disclosure
Fragnesia is disclosed as a new Linux kernel local privilege escalation vulnerability, tracked as CVE-2026-46300 with a CVSS score of 7.8, in the XFRM ESP-in-TCP subsystem. Researchers say unprivileged local attackers can modify read-only file contents in the kernel page cache and gain root privileges, while vendors including AlmaLinux, Amazon Linux, CloudLinux, Debian, Gentoo, Red Hat Enterprise Linux, SUSE, and Ubuntu have issued advisories and a patch is available alongside Dirty Frag-style mitigations.
Sources:
- New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption — thehackernews.com — 14.05.2026 10:06
- New Fragnesia Flaw Hands Linux Local Users Root Access — www.infosecurity-magazine.com — 14.05.2026 16:00