Fragnesia Linux Kernel LPE (CVE-2026-46300) Grants Root via Page Cache Corruption

A newly disclosed Linux kernel local privilege escalation vulnerability, dubbed Fragnesia (CVE-2026-46300, CVSS 7.8), allows local attackers to gain root access through page cache corruption in the kernel’s XFRM subsystem. This is the third such kernel bug discovered within two weeks, related to the earlier Dirty Frag family of vulnerabilities.

Distribution maintainers are actively releasing patches. Fragnesia requires local code execution, limiting its direct network-exposed attack surface, but it is highly relevant for multi-tenant environments, container hosts, and cloud VMs where tenants or unprivileged users can run local code. Apply kernel updates from your distribution as soon as they are available.