AI-Discovered Fragnesia: a new Linux kernel flaw that could grant root access
TL;DR Summary
AI-assisted disclosure reveals Fragnesia, the third major Linux kernel local root vulnerability in two weeks, which lets an unprivileged user corrupt the kernel page cache via ESP-in-TCP and escalate to root; a PoC exists and Red Hat assigns a CVSS of 7.8. Upstream patches are available but not yet in distros as of May 13, and mitigations include disabling esp4/esp6/rxrpc or constraining user namespaces—though these can break IPsec or rootless containers. Patches are expected soon (around May 14) as AI bug detection accelerates the discovery of new flaws.
- The third major Linux kernel flaw in two weeks has been found - thanks to AI ZDNET
- Fragnesia: Linux Kernel Local Privilege Escalation via ESP-in-TCP wiz.io
- Active attack: Dirty Frag Linux vulnerability expands post-compromise risk Microsoft
- New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption The Hacker News
- Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access The Register
Reading Insights
Total Reads
0
Unique Readers
12
Time Saved
5 min
vs 5 min read
Condensed
91%
988 → 88 words
Want the full story? Read the original article
Read on ZDNET