{"id":36212,"date":"2026-05-15T02:48:51","date_gmt":"2026-05-15T02:48:51","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=36212"},"modified":"2026-05-15T02:48:54","modified_gmt":"2026-05-15T02:48:54","slug":"linux-kernel-fragnesia-privilege-escalation-vulnerability-cve-2026-46300-notice","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/linux-kernel-fragnesia-privilege-escalation-vulnerability-cve-2026-46300-notice\/","title":{"rendered":"Linux Kernel Fragnesia Privilege Escalation Vulnerability (CVE-2026-46300) Notice"},"content":{"rendered":"\n

Overview<\/h2>\n\n\n\n

Recently, NSFOCUS Technology CERT detected that the Linux kernel Fragnesia privilege escalation vulnerability (CVE-2026-46300) was disclosed online. Fragnesia is a new variant of Dirty Frag<\/a>; Due to the logical defects in the processing of shared page fragments by the ESP-in-TCP subsystem during the skb merge process, a local attacker with ordinary permissions can inject arbitrary bytes into the page cache of key binary files such as \/usr\/bin\/su by constructing a specific splice+ULP trigger sequence, thereby obtaining system root permissions. In a multi-tenant server, jump server or container cloud environment, ordinary users and processes in containers can use this to achieve local privilege escalation or container escape. The CVSS score is 7.8. At present, the vulnerability details and PoC have been made public. Relevant users are requested to take measures to protect themselves as soon as possible.<\/p>\n\n\n\n

Note: This vulnerability is highly stable and concealed. Attackers can accurately tamper with the execution instructions of high-privilege programs such as su in memory by running short scripts; because this exploitation process is triggered by deterministic logic, does not rely on race conditions, and only tampers with memory data without destroying the original disk files, it is difficult for traditional security tools based on disk scanning to discover in real time.<\/p>\n\n\n\n

The Linux kernel is the core component of the operating system, responsible for key functions such as process management, memory management, device drivers, file systems and network protocol stacks. It is widely deployed in servers, desktop systems and embedded devices. The esp4 and esp6 modules are the core components of the IPsec protocol stack, responsible for processing ESP (Encapsulating Security Payload) protocol packets for IPv4 and IPv6 respectively. They are key mechanisms for encrypting, authenticating and encapsulating traffic for IPsec. The rxrpc module is a core component that implements the RxRPC (Remote Procedure Call over unreliable datagram networks) protocol and is designed to provide reliable remote procedure call (RPC) communication over unreliable UDP networks.<\/p>\n\n\n\n

NSFOCUS has successfully reproduced this vulnerability:<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Reference link: https:\/\/access.redhat.com\/security\/cve\/CVE-2026-46300<\/a><\/p>\n\n\n\n

Scope of Impact<\/h2>\n\n\n\n

Affected versions<\/strong><\/a><\/strong><\/a><\/p>\n\n\n\n