VulnHub

Real-time Cybersecurity News

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)

Help Net Security
LinuxCVEVulnerabilityPatchPrivilege Escalation

Overview

Researchers have discovered a new local privilege escalation vulnerability in the Linux kernel, identified as CVE-2026-46300, and nicknamed 'Fragnesia.' This vulnerability is related to the earlier Dirty Frag bugs and affects the xfrm-ESP Linux module. The flaw was unintentionally introduced when a patch was applied to fix one of the original Dirty Frag vulnerabilities, specifically CVE-2026-43284. This means that systems using the affected module could be at risk, potentially allowing attackers to gain elevated privileges. It is crucial for users and administrators of Linux systems to stay informed about this issue and apply necessary updates as they become available.

Key Takeaways

  • Affected Systems: Linux kernel, xfrm-ESP module
  • Action Required: Users should monitor for patches related to CVE-2026-46300 and apply them as soon as they are released.
  • Timeline: Newly disclosed

Original Article Summary

Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is in the same class of vulnerabilities as the recently disclosed Dirty Frag bug(s). Like Dirty Frag, it affects the same Linux module (xfrm-ESP). In fact, according to Dirty Frag discoverer Hyunwoo Kim, Fragnesia was “accidentally activated” by the patch fixing one of the original Dirty Frag vulnerabilities (i.e., CVE-2026-43284). CVE-2026-46300 explained Fragnesia was … More → The post Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) appeared first on Help Net Security.

Impact

Linux kernel, xfrm-ESP module

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Users should monitor for patches related to CVE-2026-46300 and apply them as soon as they are released. Additionally, reviewing system configurations and access controls may help mitigate potential risks until a patch is available.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Linux, CVE, Vulnerability, and 2 more.

Read Original Article

Related Coverage

American Lending Center Data Breach Affects 123,000 Individuals

SecurityWeek

American Lending Center, a non-bank lender, recently confirmed that a ransomware attack it experienced nearly a year ago has impacted the personal data of approximately 123,000 individuals. The company took time to thoroughly investigate the breach before disclosing it to the public. While specific details about how the attackers gained access or the type of data compromised have not been released, the incident raises concerns about the security of sensitive financial information. Affected individuals may face risks such as identity theft or financial fraud as a result of this breach. It serves as a reminder for companies to prioritize cybersecurity measures to protect client data.

May 15, 2026

Bypassing On-Camera Age-Verification Checks

Schneier on Security

Recent findings reveal that some AI-driven video age-verification systems can be easily deceived using simple disguises, like a fake mustache. This raises significant concerns for platforms relying on these systems to prevent underage access to content. Researchers demonstrated that these AI checks, designed to ensure compliance with age restrictions, may not be as secure as intended. The implications of this vulnerability could be serious, as it allows minors to bypass safeguards meant to protect them. Companies that implement age-verification measures need to reassess their systems to ensure they cannot be easily tricked and to better protect their users.

May 15, 2026

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

Help Net Security

Microsoft has issued a warning about a serious cross-site scripting (XSS) vulnerability, identified as CVE-2026-42897, affecting on-premises versions of Microsoft Exchange Server. This vulnerability allows unauthorized attackers to spoof users over a network, posing significant risks to organizations that have not yet applied any fixes. The affected versions include Microsoft Exchange Server Subscription Edition RTM, 2019, and 2016, while Exchange Online remains unaffected. Microsoft is currently working on a permanent fix, but until it is released, they have provided temporary mitigations for users to implement. Organizations using the affected versions should take immediate action to safeguard their systems from potential exploitation.

May 15, 2026

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

SecurityWeek

The hacking group TeamPCP has released the source code for a piece of malware called the Shai-Hulud Worm. This release is particularly concerning as the group is actively encouraging other cybercriminals to utilize the code for supply chain attacks, even offering monetary rewards for successful exploits. Such attacks can have serious implications, as they target the software and services that organizations rely on, potentially compromising a wide range of systems. By making this code publicly available, TeamPCP is increasing the risk of these types of attacks, which could affect various sectors that depend on secure supply chains. Organizations should be vigilant and review their security measures to mitigate potential risks associated with this malware.

May 15, 2026

China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer

Infosecurity Magazine

Hackers believed to be linked to China have targeted the Indian branch of a major global manufacturer using a new type of malware called TencShell. This malware is based on an open-source offensive toolkit, which suggests that the attackers are utilizing publicly available resources to carry out their operations. The implications of this attack are significant, as it not only affects the manufacturer but also raises concerns about the security of global supply chains. Companies operating in similar sectors should be vigilant, as this incident could indicate a broader trend of targeting multinational firms. The incident underscores the need for enhanced cybersecurity measures across industries to protect against sophisticated attacks.

May 15, 2026

Chrome 148 Update Patches Critical Vulnerabilities

SecurityWeek

Google's latest Chrome update, version 148, addresses several critical vulnerabilities, including a serious use-after-free issue affecting various browser components. This type of vulnerability can allow attackers to execute arbitrary code, potentially leading to unauthorized access or data breaches. Users of Chrome should update to the latest version to ensure their browsers are secure. Keeping browsers up to date is crucial, as these vulnerabilities can be exploited if left unpatched. The update underscores the ongoing need for vigilance in cybersecurity, especially given the frequency of browser-based attacks.

May 15, 2026