VulnerabilityBleeping Computer
8.8 — CRITICAL
New Fragnesia Linux flaw lets attackers gain root privileges
Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnasia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
A new Linux kernel privilege escalation vulnerability, Fragnesia (CVE-2026-46300), allows attackers to gain root privileges by exploiting a logic bug in the XFRM ESP-in-TCP subsystem. This vulnerability belongs to the Dirty Frag class and affects all Linux kernels released before May 13, 2026.
⚙️Technical Details
CVEs
CVE-2026-46300CVE-2026-43284CVE-2026-43500Affected Systems: Linux
Affected Systems
Linux
Attack Vectors
LOCAL
💥Impact Assessment
Severity: Critical
Who Is at Risk
All Linux users and organizations with vulnerable systems
🛡️Recommended Actions
1Apply kernel updates for the environment as soon as possible
2Remove vulnerable kernel modules (esp4, esp6, rxrpc) using the provided mitigation command
3Use the same mitigation used for Dirty Frag commands to remove vulnerable kernel modules
📦Affected Products
Linux Linux Kernel
🔐NVD Verified DataVERIFIED
CVE-2026-43284 ↗CVSS 8.8 — HIGH
Attack Vector
LOCAL
Complexity
LOW
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HWeaknesses
CWE-123
Affected Products (CPE)
Linux Linux Kernel
CVE-2026-43500 ↗CVSS 7.8 — HIGH
Attack Vector
LOCAL
Complexity
LOW
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HWeaknesses
CWE-787
Affected Products (CPE)
Linux Linux Kernel
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.