CVE-2026-46300 ("Fragnesia") is a local privilege escalation vulnerability in the Linux kernel's xfrm-ESP module, which was inadvertently activated by the patch for the related Dirty Frag bug (CVE-2026-43284). Affected versions include Linux kernel 4.11 through 5.10.254, 5.12 through 5.15.204, 5.16 through 6.1.170, 6.2 through 6.6.137, and 6.7 through 6.12.86. The vulnerability is fixed in kernel versions 5.10.255, 5.15.205, 6.1.171, 6.6.138, 6.12.87, 6.18.28, and 7.0.5.
Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is in the same class of vulnerabilities as the recently disclosed Dirty Frag bug(s). Like Dirty Frag, it affects the same Linux module (xfrm-ESP). In fact, according to Dirty Frag discoverer Hyunwoo Kim, Fragnesia was “accidentally activated” by the patch fixing one of the original Dirty Frag vulnerabilities (i.e., CVE-2026-43284).

CVE-2026-46300 explained

Fragnesia was …

The post Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) appeared first on Help Net Security.