Fragnesia: Local Linux kernel flaw lets unprivileged users gain root access
Security researchers disclosed Fragnesia, a local privilege-escalation vulnerability in the Linux kernel (Dirtyfrag family) that lets an unprivileged user escalate to root by abusing ESP-in-TCP ULP handling and corrupting the kernel page cache, effectively enabling an in-memory overwrite of /usr/bin/su to spawn a root shell without altering on-disk binaries. The flaw affects virtually all kernels affected by Dirtyfrag up to May 13, 2026; upstream patches exist, but unpatched systems remain at risk. Mitigations include unloading/disabling the affected ESP modules (esp4, esp6, rxrpc) via a dirtyfrag.conf and flushing caches or rebooting to drop the modified page cache. A public PoC on GitHub lowers the barrier to exploitation, so applying the patch promptly is critical.