Fragnesia LPE Uses Kernel Page Cache to Grant Root Access (CVE-2026-46300)
A new Linux kernel local privilege escalation called Fragnesia (CVE-2026-46300) targets the XFRM ESP-in-TCP subsystem to corrupt the kernel page cache and convert unprivileged users into root. A PoC has been released, advisories have been issued by major distros, and patches are available. Users should patch promptly or apply Dirty Frag mitigations (e.g., disable esp4/esp6 and harden containers) while monitoring for escalation attempts. A threat actor, berz0k, is advertising a zero-day LPE exploit for sale on cybercrime forums.