www.it-connect.fr
Fragnesia: A New Linux Kernel Flaw That Grants Root Access
Fragnesia (CVE-2026-46300) is the name of the new vulnerability granting root access on Linux! What are the risks? How can you protect yourself? Here’s what you need to know.
Fragnesia: a flaw at the heart of the Linux kernel
In this month of May 2026, I get the feeling we are trapped in a vicious loop: another critical security flaw has been discovered in the Linux kernel. After CopyFail and Dirty Frag, let me introduce Fragnesia. Discovered by researcher William Bowling from the V12 security team, Fragnesia is the third local privilege escalation flaw identified in less than two weeks. It is also the third so-called universal flaw, meaning it works on most Linux distributions without distinction.
Although this is a vulnerability separate from Dirty Frag, it is important to note right away that Fragnesia exploits the same attack surface and revolves around the same modules (esp4, esp6 and rxrpc). This second point is particularly important (and decisive), and we will come back to it.
But what exactly is happening here? This security issue lies in the main code responsible for handling socket buffers. Its operation is explained in detail on the V12 GitHub.
Note also that the proof of concept (PoC) code is public and available on GitHub. As with Dirty Frag, a C script makes it possible to exploit the Fragnesia vulnerability in this PoC.
How can you protect yourself from the Fragnesia vulnerability?
As I mentioned earlier, Dirty Frag and Fragnesia are exploited through the same Linux kernel modules. As a result, if you have already removed the esp4, esp6 and rxrpc modules on your machine, you are already protected against the Fragnesia flaw. As a reminder, here is the command used to apply the mitigation on a Linux machine:
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; echo 3 > /proc/sys/vm/drop_caches; true"This command permanently blocks the loading of the vulnerable kernel modules (esp4, esp6, rxrpc) by unloading them from active memory, then clearing the system cache to purge any potentially corrupted file pages. I would remind you that this action impacts machines where IPSec is in use; otherwise, it should not have any effect.
The maintainers of the major distributions should provide fixes in the coming days. Once again, this will come through a kernel update. For example, on the AlmaLinux side, deployment of patched kernels in their testing repository (almalinux-release-testing) has already begun.
