Fragnesia: third Linux root exploit in 2 weeks (CVE-2026-46300)

Third Linux kernel root exploit in two weeks. Fragnesia (CVE-2026-46300) was disclosed yesterday by William Bowling and the V12 Security team. The bug lives in the kernel's IPsec ESP-in-TCP code — the same surface as last week's Dirty Frag, but a separate flaw that last week's patch does not cover. Bowling characterizes Fragnesia as "a member of the Dirty Frag vulnerability class." An unprivileged user runs the exploit, the kernel writes attacker bytes into the page-cache copy of su, and the next time su runs the user gets root. A public proof-of-concept is already on GitHub. Every Linux kernel released before May 13, 2026 is affected; vendor patches are rolling out across Ubuntu, Debian, Red Hat, SUSE, Amazon Linux, AlmaLinux, Gentoo, and CloudLinux. The temporary workaround is blacklisting the esp4, esp6, and rxrpc kernel modules — only safe on hosts that do not use IPsec or AFS. Sources: https://almalinux.org/blog/2026-05-13-fragnesia-cve-2026-46300/ https://github.com/v12-security/pocs/tree/main/fragnesia https://www.theregister.com/security/2026/05/14/dirty-frag-gets-a-sequel-as-fragnesia-hands-linux-attackers-root-level-access/ https://thehackernews.com/2026/05/new-fragnesia-linux-kernel-lpe-grants.html More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday. #cybersecurity #linux #kernelexploit