Fragnesia: Linux Kernel Local Privilege Escalation via ESP-in-TCP
ID: 0833bfba-71d3-524a-b36f-f575c77240c7
STIX ID: report--0833bfba-71d3-524a-b36f-f575c77240c7
Feed Name: Wiz Blog
Wiz Research disclosed “Fragnesia,” a new DirtyFrag-related Linux local privilege escalation. It exploits a logic flaw in the XFRM ESP-in-TCP implementation to deterministically corrupt page-cache contents via in-place AES-GCM decryption, allowing unprivileged attackers (using user/network namespaces and NETLINK_XFRM) to achieve root by modifying in-memory binaries. Mitigations include applying vendor kernel patches, disabling the affected modules (esp4/esp6/rxrpc), restricting unprivileged user namespaces, and rebooting or clearing page cache if exploitation is suspected.
