New Fragnesia Flaw Hands Linux Local Users Root Access

A new Linux kernel local privilege escalation vulnerability, Fragnesia (CVE-2026-46300), allows unprivileged users to gain root by writing arbitrary bytes into the kernel page cache using an ESP-in-TCP decryption technique; a public PoC was published on May 13. The flaw is related to the Dirty Frag family, affects kernels released before the disclosure, and upstream fixes are pending while some distributions have started backporting patches; recommended interim mitigations include disabling esp4/esp6/rxrpc modules and restricting unprivileged user namespaces.