Close Menu
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
What's Hot

England’s Harry Kane loses his voice singing ‘Wonderwall’ after winning the World Cup

Best Keurig Sale: $20 off Keurig K-Mini Mate Single Serve K-Cup Pod Coffee Maker

Taylor Swift and Travis Kelce, from friendship bracelets to wedding rings

Facebook X (Twitter) Instagram
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
Facebook X (Twitter) Instagram
FYMOUS News
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
FYMOUS News
Home » New Fragnesia Linux kernel LPE allows root access due to page cache corruption
Celebrities

New Fragnesia Linux kernel LPE allows root access due to page cache corruption

By May 14, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

Ravi LakshmananMay 14, 2026Vulnerabilities / Linux

Details have emerged about a new variant of the recent Dirty Frag Linux Local Privilege Escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug in the kernel within two weeks.

The security vulnerability codenamed ‘Fragnesia’ is tracked as CVE-2026-46300 (CVSS score: 7.8) and is located in the XFRM ESP-in-TCP subsystem of the Linux kernel. This was discovered by researcher William Bowling on the V12 security team.

“This vulnerability allows an unprivileged local attacker to modify the contents of read-only files in the kernel page cache and gain root privileges via a deterministic page cache corruption primitive,” said Google-owned Wiz.

Advisories have been released by multiple Linux distributions –

“This is another bug in Dirty Frag’s ESP/XFRM that has received its own patch,” says V12. “However, this is on the same surface and the mitigation is the same as the dirty flag. It exploits a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve the writing of arbitrary bytes to the kernel page cache for read-only files without the need for race conditions.”

Fragnesia is similar to Copy Fail and Dirty Frag (also known as Copy Fail 2) in that it achieves memory write primitives within the kernel and instantly gains root on all major distributions by corrupting the page cache memory of the /usr/bin/su binary. A proof of concept (PoC) exploit was released in V12.

“Customers who have already applied the Dirty Frag mitigations do not need to take any further action until a patched kernel is released,” CloudLinux maintainers said. Red Hat said it is conducting an evaluation to determine whether existing mitigations extend to CVE-2026-46300.

Wiz also pointed out that AppArmor’s restrictions on unprivileged user namespaces may act as a partial mitigation, and additional bypasses may be required for successful exploitation. However, unlike the dirty flag, it does not require host-level permissions.

“While a patch is available and no active exploits have been observed at this time, we encourage users and organizations to run the update tool and apply the patch as soon as possible.” “If patching is not possible at this time, consider applying the same mitigations to dirty flags.”

This includes disabling esp4, esp6, and related xfrm/IPsec features, restricting unnecessary local shell access, hardening containerized workloads, and increasing monitoring for anomalous privilege escalation activity.

This development comes after a threat actor named ‘berz0k’ was observed advertising a zero-day Linux LPE exploit on cybercrime forums for $170,000 and claiming it works on multiple major Linux distributions.

“Threat actors claim that this vulnerability is TOCTOU (Time-of-Check Time-of-Use) based, allows stable local privilege escalation without causing a system crash, and leverages a shared object (.so) payload dropped in the /tmp directory,” ThreatMon said in a post on X.


Source link

#BlockchainIdentity #Cybersecurity #DataProtection #DigitalEthics #DigitalIdentity #Privacy
Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleTransforming construction materials from a climate change burden to a sustainable business
Next Article Boise State researchers develop portable PFAS detector

Related Posts

Taylor Swift wears Christian Dior couture at her wedding

July 4, 2026

Taylor Swift’s wedding guests wore monochrome gold, red and black

July 3, 2026

Karlie Kloss uses Tove’s Liquid Gold at Taylor Swift’s wedding

July 3, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

England’s Harry Kane loses his voice singing ‘Wonderwall’ after winning the World Cup

Best Keurig Sale: $20 off Keurig K-Mini Mate Single Serve K-Cup Pod Coffee Maker

Taylor Swift and Travis Kelce, from friendship bracelets to wedding rings

Paul McCartney performs Beatles classics at Taylor Swift’s wedding

Trending Posts

England’s Harry Kane loses his voice singing ‘Wonderwall’ after winning the World Cup

July 6, 2026

Paul McCartney performs Beatles classics at Taylor Swift’s wedding

July 5, 2026

Taylor Swift and Travis Kelce’s wedding vows: What the guests revealed

July 4, 2026

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to The FYMOUS, a modern digital media platform dedicated to celebrities, artists, influencers, brands, entertainment culture, and the growing TwinH ecosystem.

We bring audiences closer to the people, stories, trends, and collaborations shaping today’s culture. From exclusive celebrity news and music releases to influencer highlights, brand partnerships, and TwinH activations, The FYMOUS delivers engaging content designed for the next generation of digital audiences.

Castilla-La Mancha Ignites Innovation: fiveclmsummit Redefines Tech Future

Local Power, Health Innovation: Alcolea de Calatrava Boosts FiveCLM PoC with Community Engagement

The Future of Digital Twins in Healthcare: From Virtual Replicas to Personalized Medical Models

Human Digital Twins: The Next Tech Frontier Set to Transform Healthcare and Beyond

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
© 2026 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.