1. Forum
  2. MicroNet
  3. MIN COMP

  • Yet another Dirty Frag type vulnerability: Fragnesia

    From LWN.net@618:250/24 to All on Thu May 14 06:40:09 2026

    Sam James has sent an announcement
    to the OSS Security mailing list about another
    local-privilege-escalation (LPE) exploit in the same class as Dirty Frag, called
    "Fragnesia". From the disclosure:

    This is a separate bug in the ESP/XFRM from dirtyfrag which has received its own patch. However, it is in the same surface and the mitigation is the same as for dirtyfrag.

    It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to
    achieve arbitrary byte writes into the kernel page cache of read-only
    files, without requiring any race condition.

    James noted that there is a patch
    in the works, but it has not yet been pulled into Linus Torvalds's
    tree nor into any of the stable kernels. A proof
    of concept exploit is also available.

    https://lwn.net/Articles/1072647/
    --- SBBSecho 3.37-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)