Another major Linux security issue uncovered - new Fragnesia flaw allows attackers to run malicious code as root
Date:
Thu, 14 May 2026 18:20:00 +0000
Description:
The flaw is in the same family as Dirty Frag and allows privilege escalation at kernel level.
FULL STORY ======================================================================
New Linux kernel flaw CVE-2026-46300 Fragnesia allows local attackers to gain root
Discovered by William Bowling of Zellic; PoC shows corruption of /usr/bin/su page cache to get root shell

Security researchers have discovered a new vulnerability in the Linux kernel which could allow malicious actors to run code with elevated privileges, exposing systems to risk of data theft, malware deployment, and even full device takeover.
The vulnerability is tracked as CVE-2026-46300, and was given a severity score of 7.8/10 (high). It's nicknamed Fragnesia and is apparently in the same vulnerability class as Dirty Frag, another kernel bug that was disclosed recently. While Dirty Frag chains multiple flaws, Fragnesia comes in the form of a logic bug in the Linux XFRM ESP-in-TCP subsystem. By writing arbitrary bytes to the kernel page cache of read-only files, unprivileged local attackers can gain root privileges, thus compromising the entire system.

Patches and killswitches

The bug was discovered by William Bowling of Zellic, who also shared a proof-of-concept (PoC) that achieves a memory-write primitive in the kernel that is used to corrupt the page cache memory of the /usr/bin/su binary to get a shell with root privileges.
"Fragnesia is a member of the Dirty Frag vulnerability class. This is a separate bug in the ESP/XFRM from dirtyfrag which has received its own patch. However, it is in the same surface and the mitigation is the same as for dirtyfrag," Bowling said. "It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve arbitrary byte writes into the kernel page cache of read-only files, without requiring any race condition."
To mitigate the risk, Linux users should apply kernel updates for their distros without delay.
Linux kernel vulnerabilities are a hot topic these days. Prompted by both Dirty Frag and Copy Fail, two recently disclosed flaws, co-maintainer Sasha Levin proposed a new patch that would allow system administrators to temporarily disable a vulnerable kernel function.
That way, if security researchers discover malicious code in the future,
users would be able to quickly instruct the kernel not to use it. The feature would not address underlying issues, but since the function would return an error, it could prevent the vulnerability from causing any serious harm
before a proper patch is deployed.
The new feature is currently being reviewed by the Linux community and has
not yet been officially introduced.
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/another-major-linux-security-issue-uncovered-new-fragnesia-flaw-allows-attackers-to-run-malicious-code-as-root
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)