The Short Version
- Fragnesia is a Linux kernel local privilege escalation disclosed on May 13, 2026, by William Bowling of V12 Security
- It allows an unprivileged local attacker to reach root by corrupting the kernel page cache through the XFRM ESP-in-TCP subsystem
- The exploit overwrites system binaries such as /usr/bin/su in memory only, leaving files on disk untouched, which complicates detection
- Exploitation is deterministic: no race condition required
- A public proof-of-concept has been available since the disclosure date
- Immediate mitigation: rmmod esp4 esp6 rxrpc and restricting unprivileged user namespaces; no CVE assigned as of publication
William Bowling of V12 Security disclosed a Linux kernel local privilege escalation on May 13, 2026, publishing both a technical write-up and a working proof-of-concept. The vulnerability, named Fragnesia, sits in the kernel’s XFRM ESP-in-TCP subsystem and allows an unprivileged local attacker to overwrite system binaries in the kernel page cache, execute them, and obtain root. No CVE has been assigned as of May 14. Fragnesia is the latest in a sequence of Linux kernel privilege escalation disclosures in recent weeks, following Copy Fail (CVE-2026-31431, disclosed April 29) and DirtyFrag (disclosed May 7), which we covered previously.
What Fragnesia Does
Fragnesia is a local privilege escalation. An attacker already on the system with unprivileged access can use it to reach root. The preconditions are unprivileged local access and the ability to create user namespaces. On distributions where AppArmor does not restrict unprivileged user namespace creation, the attack surface is fully open. Kubernetes pod security standards and similar container-level policies do not prevent the unshare() call the exploit requires.
The modification the exploit writes exists only in the kernel page cache, not on disk. The original binary remains untouched on the filesystem. Standard file-integrity monitoring that reads from disk will not detect the change. After exploitation, dropping the page cache with echo 3 > /proc/sys/vm/drop_caches forces a reload from disk and clears any modified pages.
How the Exploit Works
The vulnerability is a logic bug in how the kernel handles the transition of a TCP socket to espintcp ULP mode after data has already been spliced from a file into the receive queue. When that transition happens, the kernel processes the queued file pages as ESP ciphertext and decrypts them in place.
An attacker controls the AES-GCM keystream by selecting specific IV nonces. By constructing a 256-entry lookup table mapping keystream bytes to nonces, the exploit can write arbitrary bytes into the target file’s cached pages one byte at a time. The process is deterministic: no race condition, no repeated attempts. Bowling’s proof-of-concept uses this primitive to overwrite the first 192 bytes of /usr/bin/su with a position-independent ELF stub that calls setresuid, setresgid, and execve /bin/sh, producing a root shell.
The proof-of-concept is publicly available at github.com/v12-security/pocs.
Mitigation
No patched kernel release has been announced as of May 14, 2026. A two-line fix has been posted to the netdev mailing list that preserves the SKBFL_SHARED_FRAG flag when transferring fragment descriptors between socket buffers; it had not been merged into mainline at the time of disclosure. Apply vendor kernel patches as they become available.
Immediate steps available now:
- Unload and blacklist the affected modules:
rmmod esp4 esp6 rxrpc
printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/fragnesia.conf
This removes the XFRM ESP-in-TCP functionality the exploit depends on. It will break IPsec tunnels using these modules and may affect container networking (rxrpc).
- Restrict unprivileged user namespaces where workloads allow. This eliminates the second precondition the exploit requires.
- Clear the page cache on any host where exploitation is suspected:
echo 3 > /proc/sys/vm/drop_caches
This forces a reload from disk and evicts any corrupted in-memory pages.
- Monitor for unexpected namespace creation events and unusual XFRM configuration activity as a detection measure.
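The steps above can be turned into a small host check and mitigation script. The following is an added example written for this article; it is not code from the original post or from V12 Security. The module names and the modprobe.d content are those given above. Everything else is an assumption: the sysctl knobs for restricting user namespaces differ by distribution, /usr/bin/sudo is included only as a second plausible setuid target, and the cache-versus-disk comparison relies on O_DIRECT reads (dd iflag=direct) bypassing the page cache, which some filesystems (tmpfs, overlayfs on older kernels) refuse.

```shell
#!/bin/sh
# Added example (not from the original post or from V12 Security): a
# defender-side check and mitigation helper for the conditions the write-up
# names. Module names and the modprobe.d content come from the post; the
# sysctl knobs, /usr/bin/sudo as a second target and the O_DIRECT comparison
# are assumptions that vary by distribution and filesystem.

FRAGNESIA_MODULES="esp4 esp6 rxrpc"              # modules the exploit depends on
FRAGNESIA_CONF="/etc/modprobe.d/fragnesia.conf"   # blacklist file from the post
SETUID_TARGETS="/usr/bin/su /usr/bin/sudo"        # sudo path is an assumption

# module_loaded NAME -> 0 if NAME is listed in /proc/modules, else 1.
module_loaded() {
    grep -q "^$1 " /proc/modules 2>/dev/null
}

# modprobe_blacklist -> prints the "install ... /bin/false" lines the post
# uses, so the modules cannot be auto-loaded again after rmmod.
modprobe_blacklist() {
    for m in $FRAGNESIA_MODULES; do
        printf 'install %s /bin/false\n' "$m"
    done
}

# userns_restricted -> 0 if unprivileged user namespace creation is blocked
# by one of the common knobs, 1 if it is open. Which knob exists depends on
# the distribution (assumption):
#   user.max_user_namespaces=0                     upstream sysctl
#   kernel.unprivileged_userns_clone=0             Debian / older Ubuntu patch
#   kernel.apparmor_restrict_unprivileged_userns=1 recent Ubuntu (AppArmor)
userns_restricted() {
    [ "$(cat /proc/sys/user/max_user_namespaces 2>/dev/null)" = "0" ] && return 0
    [ "$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null)" = "0" ] && return 0
    [ "$(cat /proc/sys/kernel/apparmor_restrict_unprivileged_userns 2>/dev/null)" = "1" ] && return 0
    return 1
}

# cache_matches_disk FILE -> 0 if a normal (page-cache) read of FILE hashes
# the same as an O_DIRECT read (which bypasses the cache), 1 if they differ,
# 2 if FILE is unreadable or the filesystem refuses O_DIRECT. A mismatch on a
# setuid binary is the in-memory-only tamper the post describes; a match only
# says the cache agrees with disk right now.
cache_matches_disk() {
    f=$1
    [ -r "$f" ] || return 2
    tmp=$(mktemp) || return 2
    # O_DIRECT needs block-aligned requests; the short read at EOF is fine.
    if ! dd if="$f" of="$tmp" bs=4096 iflag=direct 2>/dev/null; then
        rm -f "$tmp"; return 2
    fi
    cached=$(sha256sum < "$f" | cut -d' ' -f1)
    direct=$(sha256sum < "$tmp" | cut -d' ' -f1)
    rm -f "$tmp"
    [ "$cached" = "$direct" ]
}

# fragnesia_check -> prints one line per finding; returns 0 when nothing is
# exposed, 1 otherwise. Safe to run unprivileged.
fragnesia_check() {
    findings=0
    for m in $FRAGNESIA_MODULES; do
        if module_loaded "$m"; then
            echo "EXPOSED: module $m is loaded"; findings=1
        fi
    done
    if ! userns_restricted; then
        echo "EXPOSED: unprivileged user namespaces are not restricted"; findings=1
    fi
    for t in $SETUID_TARGETS; do
        rc=0; cache_matches_disk "$t" || rc=$?
        case $rc in
            1) echo "SUSPECT: page cache of $t differs from disk"; findings=1 ;;
            2) echo "SKIP: cannot compare $t (unreadable or no O_DIRECT)" ;;
        esac
    done
    return $findings
}

# fragnesia_mitigate -> applies the post's immediate steps; needs root.
# Breaks IPsec tunnels using esp4/esp6 and anything that needs rxrpc.
# Set DROP_CACHES=1 to also evict the page cache (only if tamper is suspected).
fragnesia_mitigate() {
    [ "$(id -u)" -eq 0 ] || { echo "mitigate: run as root" >&2; return 1; }
    modprobe_blacklist > "$FRAGNESIA_CONF"
    for m in $FRAGNESIA_MODULES; do
        # rmmod refuses while a dependent module (e.g. esp4_offload) is loaded
        module_loaded "$m" && { rmmod "$m" || echo "rmmod $m failed" >&2; }
    done
    if [ "${DROP_CACHES:-0}" = "1" ]; then
        sync && echo 3 > /proc/sys/vm/drop_caches
    fi
}

if [ $# -gt 0 ]; then
    case $1 in
        check)    fragnesia_check ;;
        mitigate) fragnesia_mitigate ;;
        *)        echo "usage: $0 check|mitigate" >&2; exit 2 ;;
    esac
fi
```

Run it as `sh fragnesia.sh check` from any account to see which preconditions are still open, and `sh fragnesia.sh mitigate` as root to apply the module blacklist. The cache comparison is a point-in-time indicator, not a proof of integrity: a binary that was only tampered in the page cache shows up as a hash mismatch, but once the pages are evicted (drop_caches, memory pressure, reboot) the evidence is gone, so keep the namespace and XFRM monitoring from the last bullet in place as well.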
No evidence of in-the-wild exploitation has been reported as of May 14, 2026.
Łukasz Nowak
Nearly two decades in IT. A decade in web hosting - and still in the trenches. Writing about the infrastructure that runs the internet from the inside.