
Linux Kernel Vulnerability Exposes Root Access Risk via Page Cache Corruption

"The vulnerability allows unprivileged local attackers to modify read-only file contents in the kernel page cache and achieve root privileges through a deterministic page-cache corruption primitive," Wiz wrote.

CVE-2026-46300: a new kernel local privilege escalation

The bug, tracked as CVE-2026-46300 and codenamed Fragnesia, was disclosed after discovery by William Bowling of the V12 security team. It targets the Linux kernel's XFRM ESP-in-TCP subsystem and carries a CVSS score of 7.8. Public reporting describes Fragnesia as the third Linux kernel local privilege escalation (LPE) discovered within a two-week span.

Technical mechanism: page-cache corruption via XFRM ESP-in-TCP

According to the disclosures, Fragnesia abuses a logic flaw in the ESP/XFRM implementation to obtain a deterministic arbitrary-byte write into the kernel page cache for read-only files. That primitive permits an attacker to corrupt page-cache memory of the /usr/bin/su binary and gain immediate root privileges on major distributions. V12 released a proof-of-concept exploit demonstrating the technique.

V12 described Fragnesia as separate from, but operating on the same attack surface as, the earlier Dirty Frag and Copy Fail vulnerabilities. Unlike some other exploits, Fragnesia "does not require any race condition" to achieve the write primitive. Wiz also observed that, unlike Dirty Frag, Fragnesia requires no host-level privileges to succeed.

Vendor and distribution guidance: patches, mitigations, and assessments

Multiple Linux distributions and vendors issued advisories and guidance. CloudLinux maintainers told customers that "customers who have already applied the Dirty Frag mitigation need no further action until patched kernels are released." Red Hat said it is performing an assessment to determine whether existing mitigations for prior bugs extend to CVE-2026-46300.

Microsoft said a patch is available and that, while "no in-the-wild exploitation has been observed at this time," it urges users and organizations to apply the patch as soon as possible by running update tools. Microsoft recommended, where patching is not yet possible, applying the same mitigations used for Dirty Frag — including disabling esp4, esp6, and related xfrm/IPsec functionality, restricting unnecessary local shell access, hardening containerized workloads, and increasing monitoring for abnormal privilege-escalation activity.

Wiz additionally noted that AppArmor restrictions on unprivileged user namespaces may act as a partial mitigation, though it observed such restrictions would require additional bypasses for successful exploitation.
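The interim mitigations above (blacklist esp4/esp6 so they cannot be auto-loaded, confirm they are not resident, and check whether AppArmor is restricting unprivileged user namespaces) are easy to state and easy to get half-done. The following POSIX shell script is an added example written for this article; it is not code from Wiz, V12, Microsoft or any distribution advisory. It uses the modprobe.d `install <module> /bin/false` idiom to block loading, which is this example's choice rather than a vendor-specified method; the extra module names `esp4_offload` and `esp6_offload` and the Ubuntu sysctl `kernel.apparmor_restrict_unprivileged_userns` are assumptions about the mainline kernel and Ubuntu's AppArmor build, not something the article names. Functions take file paths as parameters so the checks can be run against a captured copy of `/proc/modules` on any host.

```shell
#!/bin/sh
# Added example for the ESP/xfrm and AppArmor mitigations discussed above.
# Not from the article, Wiz, V12 or any vendor advisory.
#
# esp4 and esp6 are named by the article; the *_offload names are an
# assumption based on the mainline kernel's IPsec module layout.
ESP_MODULES="esp4 esp6 esp4_offload esp6_offload"

# Emit a modprobe.d fragment that refuses to load each ESP module.
# "install <mod> /bin/false" makes modprobe run /bin/false instead of
# loading the module, so an unprivileged process cannot trigger an
# on-demand load through the IPsec socket paths.
blacklist_config() {
    for m in $ESP_MODULES; do
        printf 'install %s /bin/false\n' "$m"
    done
}

# Print the ESP modules that are currently loaded, reading a file in
# /proc/modules format ("<name> <size> <refcnt> <deps> <state> <addr>").
# $1 is the file to read, so a captured copy can be checked offline.
loaded_esp_modules() {
    modlist="$1"
    [ -r "$modlist" ] || return 0
    for m in $ESP_MODULES; do
        if awk -v name="$m" '$1 == name { found = 1 } END { exit !found }' "$modlist"; then
            echo "$m"
        fi
    done
}

# Return 0 when no ESP module is loaded, 1 otherwise.
esp_disabled() {
    [ -z "$(loaded_esp_modules "$1")" ]
}

# Return 0 when the AppArmor unprivileged-userns restriction is enabled.
# $1 is the sysctl file to read; on Ubuntu that is
# /proc/sys/kernel/apparmor_restrict_unprivileged_userns (assumption:
# the knob is Ubuntu-specific and absent on other distributions).
userns_restricted() {
    [ -r "$1" ] || return 1
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# Live usage (as root): `sh esp-mitigation.sh apply` writes the blacklist,
# unloads any ESP modules already resident and reports the result.
# Nothing below runs when the script is sourced or called without "apply".
if [ "${1:-}" = "apply" ]; then
    blacklist_config > /etc/modprobe.d/esp-blacklist.conf
    for m in $(loaded_esp_modules /proc/modules); do
        modprobe -r "$m" || echo "could not unload $m (still in use?)" >&2
    done
    if esp_disabled /proc/modules; then
        echo "ESP modules not loaded; blacklist written"
    else
        echo "ESP modules still loaded; reboot or remove IPsec state first" >&2
    fi
    if userns_restricted /proc/sys/kernel/apparmor_restrict_unprivileged_userns; then
        echo "AppArmor unprivileged userns restriction: on"
    else
        echo "AppArmor unprivileged userns restriction: off or unavailable"
    fi
fi
```

The split between "blacklist written" and "module still loaded" matters: a blacklist only prevents future loads, so a host where `esp4` was already resident (because IPsec was in use, or because something probed it earlier) stays exposed until the module is unloaded or the kernel is rebooted into a patched build. Hosts that need IPsec cannot use this mitigation at all, which is the operational gap the article's closing paragraph points at.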

Threat actor activity and exploit-market claims

At the same time as the technical disclosure, a threat actor using the name "berz0k" was observed advertising a zero-day Linux LPE exploit for $170,000 on cybercrime forums, according to ThreatMon. The actor claimed the exploit worked on multiple major Linux distributions and described it as TOCTOU-based (time-of-check/time-of-use), capable of stable local privilege escalation without causing system crashes. ThreatMon reported the actor said the exploit leverages a shared object (.so) payload dropped into /tmp.

That claim sits alongside the public proof-of-concept released by V12, a combination that raises the possibility both of defensive research and of commercialized offensive interest appearing in parallel.

What this means for technologists, enterprises, and end users

  • Technologists and security teams: Apply the patch that vendors have published and, if immediate patching is impossible, implement the Dirty Frag mitigations named by Microsoft (disable esp4/esp6 and related xfrm/IPsec, restrict local shell access, harden container workloads, and increase monitoring). Note that AppArmor may offer partial protection but could require additional bypasses.
  • Enterprises and procurement leaders: Track vendor advisories closely — CloudLinux has advised no additional action for customers already mitigated for Dirty Frag, while Red Hat's assessment is pending — and ensure update tools are run to move systems to patched kernels when they are released.
  • End users and administrators: Be aware that the exploit targets local accounts to achieve root and that public proof-of-concept code is available; consider restricting unnecessary local shell access and monitoring for abnormal privilege-escalation behavior.

Fragnesia joins a short run of serious kernel LPEs by achieving an immediate root outcome through page-cache corruption and an XFRM logic flaw. A patch exists, a PoC is public, and an exploit is being offered on criminal forums for a six-figure price — creating a narrow window in which delayed patching or incomplete mitigations could be consequential. Red Hat's pending assessment of existing mitigations and the requirement for some environments to disable IPsec-related features leave open a practical question for operators: how broadly can Dirty Frag-era mitigations be relied upon until every distribution ships and verifies patched kernels?