VULNERABILITY BRIEF · 🟠 High · Vulnerability

Local Privilege Escalation (CVE‑2026‑46300) in Linux Kernel ‘Fragnesia’ Grants Root via Page‑Cache Corruption

A critical Linux kernel flaw (CVE‑2026‑46300, dubbed Fragnesia) allows unprivileged users to corrupt the page cache and obtain root privileges. The vulnerability affects multiple kernel releases across major distributions, posing a supply‑chain risk for cloud and SaaS providers that rely on Linux‑based infrastructure.

LiveThreat™ Intelligence · 📅 May 14, 2026 · 📰 thehackernews.com
Severity: High
Type: Vulnerability
Confidence: High
Affected: 3 sector(s)
Actions: 6 recommended
Source: thehackernews.com


What It Is – A newly disclosed Linux kernel vulnerability, codenamed Fragnesia, exploits a flaw in the XFRM subsystem that corrupts the page cache, allowing a local, unprivileged attacker to elevate to root. The issue is tracked as CVE‑2026‑46300 and carries a CVSS 7.8 (High).

Exploitability – Proof‑of‑concept code has been released publicly, and early reports indicate active exploitation in the wild against vulnerable Linux hosts.

Affected Products – All Linux distributions shipping the vulnerable kernel series (e.g., 5.15‑x, 6.1‑x, and downstream kernels that have not yet incorporated the fix). This includes servers, containers, and embedded devices that rely on the affected kernel.

TPRM Impact – Organizations that depend on third‑party Linux‑based services (cloud providers, SaaS platforms, managed hosting, and IoT vendors) may inherit the risk. A successful LPE can lead to full system compromise, credential theft, and lateral movement across supply‑chain boundaries.

Recommended Actions

  • Identify all assets running a vulnerable kernel version (use SBOM tools, inventory scans, or CVE‑monitoring feeds).
  • Apply the upstream kernel patches released by the Linux kernel maintainers immediately; for distributions without a patch, consider temporary mitigations such as disabling the XFRM subsystem or enforcing SELinux/AppArmor confinement.
  • Verify that container images and VM templates are rebuilt with the patched kernel.
  • Update incident‑response playbooks to include detection of the Fragnesia exploitation pattern (e.g., abnormal page‑cache activity, unexpected privilege escalation alerts).
  • Communicate the risk to third‑party vendors and require proof of remediation in contractual security clauses.
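
A sketch of the first two actions as a fleet triage helper. This is an added example, not code from the original brief or from the kernel maintainers. It classifies each host from its `uname -r` string and lists loaded XFRM/IPsec modules that a "disable XFRM" mitigation would take away. Assumptions: the fixed releases are placeholders to fill in from the vendor advisory, the module list is a set of common XFRM-related modules (the brief does not name the affected code path), and the inventory is constructed sample data.

```python
import re

# Kernel series the brief names as examples. It gives no fixed release, so the
# values are PLACEHOLDERS: fill in the first patched release from your vendor
# advisory. None means "no fix known", so every kernel in the series is flagged.
FIXED_IN = {"5.15": None, "6.1": None}

# Assumption: common XFRM/IPsec modules; the brief does not name the code path.
XFRM_MODULES = {"xfrm_user", "xfrm_algo", "xfrm_interface", "af_key",
                "esp4", "esp6", "ah4", "ah6", "xfrm4_tunnel", "xfrm6_tunnel"}


def parse_release(release):
    """'5.15.0-105-generic' -> (5, 15, 0); None when the string is not a version."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None


def triage(release, proc_modules="", fixed_in=FIXED_IN):
    """Classify one host from `uname -r` output and the text of /proc/modules."""
    loaded = {ln.split()[0] for ln in proc_modules.splitlines() if ln.strip()}
    result = {"release": release, "xfrm_modules": sorted(loaded & XFRM_MODULES)}
    ver = parse_release(release)
    if ver is None:
        result["status"] = "unknown"
        return result
    series = f"{ver[0]}.{ver[1]}"
    if series not in fixed_in:
        # The brief's list is "e.g.", so an unlisted series is not proof of safety.
        result["status"] = "review"
    elif fixed_in[series] is None or ver < parse_release(fixed_in[series]):
        result["status"] = "vulnerable"
    else:
        result["status"] = "patched"
    return result


# Constructed inventory: (host, uname -r, /proc/modules excerpt).
INVENTORY = [
    ("web-01", "5.15.0-105-generic", "esp4 24576 0 - Live 0x0\nxfrm_user 49152 2 - Live 0x0\n"),
    ("db-01", "6.1.90", "ext4 999424 1 - Live 0x0\n"),
    ("edge-01", "6.8.0-31-generic", "af_key 40960 0 - Live 0x0\n"),
]

if __name__ == "__main__":
    for host, release, modules in INVENTORY:
        print(host, triage(release, modules))
```

Distribution kernels backport fixes without changing the upstream version number, so treat either verdict on a distro kernel as provisional until it is checked against the vendor's package changelog. A host that reports loaded XFRM modules is likely using IPsec, which the temporary mitigation would interrupt.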

Source: The Hacker News

📰 Original Source
https://thehackernews.com/2026/05/new-fragnesia-linux-kernel-lpe-grants.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
