• Yet another Dirty Frag type vulnerability: Fragnesia

    From LWN.net@1337:1/100 to All on Wednesday, May 13, 2026 16:45:06

    Date:
    Wed, 13 May 2026 15:26:20 +0000

    Description:
    Sam James has sent an announcement to the OSS Security mailing list about another
    local-privilege-escalation (LPE) exploit in the same class as Dirty Frag, called
    "Fragnesia". From the disclosure:

        This is a separate bug in the ESP/XFRM from dirtyfrag which has
        received its own patch. However, it is in the same surface and the
        mitigation is the same as for dirtyfrag. It abuses a logic bug in
        the Linux XFRM ESP-in-TCP subsystem to achieve arbitrary byte writes
        into the kernel page cache of read-only files, without requiring any
        race condition.

    James noted that there is a patch in the works, but it has not yet been
    pulled into Linus Torvalds's tree nor into any of the stable kernels. A
    proof of concept is also available.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/1072647/
