Fragnesia, a new Linux kernel local privilege escalation (LPE) vulnerability tracked as CVE-2026-46300 (CVSS 7.8), allows unprivileged local attackers to modify read-only files in the kernel page cache and achieve root via a deterministic page-cache corruption primitive. It is the third such bug identified in two weeks. The flaw is rooted in the Linux kernel’s XFRM ESP-in-TCP subsystem and was discovered by William Bowling of the V12 security team.
The vulnerability is described as similar in impact to Dirty Frag and Copy Fail. Once a memory write primitive is achieved, it is said to yield root on major distributions by corrupting the page cache memory of the /usr/bin/su binary. According to Wiz, the issue can be mitigated by the same actions used for Dirty Frag. A patch is available, and several distributions, including AlmaLinux, Red Hat, Debian, and Ubuntu, have released advisories.
The story also notes that a threat actor named “berz0k” has been seen advertising a zero-day Linux LPE for $170,000, claiming TOCTOU-based capabilities and a payload dropped in /tmp, though there were no reports of active exploitation at the time.