Fragnesia brilliantly exposes the persistent fragility of the Linux kernel's memory management when faced with complex networking logic. It is a sophisticated piece of research that turns a minor reassembly error into a definitive argument for more robust architectural isolation.
Deep Dive
Fragnesia: third Linux root exploit in 2 weeks (CVE-2026-46300)
Third Linux root exploit in two weeks.
This one is called Fragnesia. Disclosed yesterday by William Bowling and the V12 security team, with a public proof of concept already on GitHub. An unprivileged user runs the exploit and gets root. By now, the pattern is familiar. Copy Fail at the end of April, Dirty Frag a week ago, and now this. But Fragnesia is a different bug than Dirty Frag, and last week's patch does not cover it. Bowling himself describes Fragnesia as a member of the Dirty Frag vulnerability class, but a separate flaw in the same family of the kernel networking code. Fragnesia lives in the IPsec layer. Specifically, how the kernel handles encrypted ESP packets carried over TCP. Dirty Frag had a bug there, too, plus a second bug in the kernel's AFS networking code. Last week's patch fixed those. Fragnesia is a different flaw in the same IPsec code and it needs its own patch. The exploit triggers a logic error in how the kernel reuses memory while reassembling network packets, then uses that error to overwrite read-only files in the kernel's page cache. The target is su, the program that lets you switch to root.
Modify the cached copy of su. Run it and you have root. Same reliability profile as Copy Fail and Dirty Frag.
Deterministic single shot. No kernel crashes if it fails. This affects every Linux kernel released before May 13th.
Patches are rolling out across Ubuntu, Debian, Red Hat, SUSE, Amazon Linux, Alma Linux Gen 2 and Cloud Linux. If you cannot reboot immediately, V12 documents a temporary workaround. You can blacklist the esp4, esp6, and rxrpc kernel modules. But it's worth knowing that workaround breaks anything that actually uses IPsec or AFS. So it is only safe for hosts that do not need those features.
So now we have three Linux root exploits in 14 days. All landing the same way.
Write bytes into the kernel's page cache. Corrupt the in-memory copy of a privileged program. Run it. Get root.
Until Copy Fail, this specific pattern of attack on cached executables had not seen much published research, but now it has.
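
The module workaround mentioned above can be checked per host. The script below is an added example, not part of the video or of V12's advisory: it reads a /proc/modules-style file and a modprobe.d directory and reports the state of esp4, esp6 and rxrpc. The file name `fragnesia-workaround.conf`, the constructed sample host state, and the choice to flag a bare `blacklist` line (which only stops alias-based autoloading) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the esp4/esp6/rxrpc module workaround on a host.
MODULES="esp4 esp6 rxrpc"

# loaded MODULE PROC_FILE: succeed if MODULE is listed in a /proc/modules-style file.
loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "$2"
}

# policy MODULE CONF_DIR: print the strongest modprobe.d rule found for MODULE.
#   install-override  "install MODULE /bin/false" (or true): explicit loads fail too
#   blacklist-only    "blacklist MODULE": stops alias autoload, not "modprobe MODULE"
#   none              no rule at all
policy() {
    cat "$2"/*.conf 2>/dev/null | awk -v m="$1" '
        /^[ \t]*#/ { next }
        $1 == "install" && $2 == m && $3 ~ /^\/(usr\/)?bin\/(false|true)$/ { inst = 1 }
        $1 == "blacklist" && $2 == m { bl = 1 }
        END { print (inst ? "install-override" : (bl ? "blacklist-only" : "none")) }'
}

# audit PROC_FILE CONF_DIR: one line per module; exit status = modules needing action.
# A module that is already loaded stays loaded until removed or the host reboots,
# so it is flagged even when an override exists.
audit() {
    bad=0
    for m in $MODULES; do
        p=$(policy "$m" "$2")
        if loaded "$m" "$1"; then l=yes; else l=no; fi
        if [ "$l" = yes ] || [ "$p" != install-override ]; then
            bad=$((bad + 1)); verdict=ACTION
        else
            verdict=ok
        fi
        printf '%s loaded=%s policy=%s %s\n' "$m" "$l" "$p" "$verdict"
    done
    return "$bad"
}

# Constructed sample host state (not real data), so the script runs offline.
demo=$(mktemp -d)
printf 'esp4 24576 0 - Live 0x0\next4 999424 1 - Live 0x0\n' > "$demo/modules"
mkdir "$demo/modprobe.d"
printf 'install esp4 /bin/false\nblacklist esp6\n# install rxrpc /bin/false\n' \
    > "$demo/modprobe.d/fragnesia-workaround.conf"
audit "$demo/modules" "$demo/modprobe.d" || echo "modules needing action: $?"
# On a real host: audit /proc/modules /etc/modprobe.d
```

As the transcript notes, blocking these modules breaks IPsec and AFS, so a non-zero result on a host that needs them calls for the kernel update instead.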