Description
A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. This vulnerability, known as Fragnesia, allows a local attacker to achieve arbitrary byte writes into the kernel page cache of read-only files.
Published: n/a
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Linux kernel’s XFRM ESP-in-TCP subsystem, named Fragnesia, permits a local attacker to perform arbitrary byte writes to the kernel page cache of read‑only files. This constitutes a local privilege escalation, allowing an attacker to overwrite kernel structures or code sections, potentially leading to full root access. The weakness is a classic type of write‑through vulnerability in kernel memory handling.

Affected Systems

All Linux systems running kernel versions that have not yet incorporated the Fragnesia fix are affected. The issue originates in the core XFRM framework and therefore applies across distributions that ship the upstream kernel unchanged, unless a vendor has applied a backport or patch.

Risk and Exploitability

The CVSS score of 7.8 classifies this as a high‑severity vulnerability. EPSS is not available, and the advisory does not list it in the CISA KEV catalog, suggesting limited public exploitation evidence to date. However, because the attack requires local access, any user with file system write permissions or any service running as root could potentially exploit the flaw. The likely attack vector is a local attacker gaining write access to the kernel page cache through privileged operations or kernel module loading.

Generated by OpenCVE AI on May 14, 2026 at 13:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that includes the fix for Fragnesia.
  • If a patch is not immediately available, block or disable the XFRM ESP-in-TCP feature via sysctl or module blacklisting, and restrict local users to the least privilege necessary to operate.
  • Enforce stricter local account controls and monitor for anomalous kernel page cache modifications to detect potential exploitation attempts.

Generated by OpenCVE AI on May 14, 2026 at 13:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 14 May 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux kernel
Vendors & Products Linux
Linux kernel

Thu, 14 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. This vulnerability, known as Fragnesia, allows a local attacker to achieve arbitrary byte writes into the kernel page cache of read-only files.
Title kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel
Weaknesses CWE-123
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Subscriptions

Linux Kernel
cve-icon MITRE

No data.

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-13T12:00:00Z

Links: CVE-2026-46300 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T14:00:19Z

Weaknesses