Copy Fail. Dirty Frag. Now Fragnesia. Three Linux kernel local privilege escalations in three weeks, each requiring a separate kernel patch and reboot. The third one, CVE-2026-46300, was not found by threat actors. It was accidentally created by the patch that fixed one of the Dirty Frag vulnerabilities.
That is worth sitting with for a moment.
What Fragnesia is
Fragnesia lives in the same Linux subsystem as Dirty Frag: the XFRM ESP-in-TCP module. Researcher William Bowling of Zellic.io found it using an AI-agentic software auditing tool his team built.
The technical issue is specific. When the kernel coalesces socket buffer fragments via skb_try_coalesce(), it fails to propagate the SKBFL_SHARED_FRAG flag, which marks certain pages as shared with other subsystems. Without that flag, the kernel treats those file-cache-backed pages as safe to write. An unprivileged local user can trigger a controlled modification to read-only file contents in the page cache, including setuid binaries.
The public proof-of-concept from Zellic's V12 Security team overwrites /usr/bin/su. Microsoft Threat Intelligence noted that an attacker is not limited to that binary: any file readable by the attacker's user works, including /etc/passwd.
The result is deterministic, local privilege escalation to root.
Why this happened
Hyunwoo Kim, who discovered the original Dirty Frag vulnerabilities, confirmed that Fragnesia was accidentally activated by the patch for CVE-2026-43284. When you fix one interaction in a complex kernel subsystem, you change the assumptions other parts of the kernel make. The XFRM/ESP module is complex and carries a lot of state; each patch is a bet on which adjacent behaviors stay stable.
Zellic's AI-agentic auditing tool found the regression faster than any human review process would have. That is the same class of tool attackers are now deploying. William Bowling's finding is defensive. The next person to find something in the same subsystem may not be.
What makes this higher risk than usual
Fragnesia is less dangerous on single-user workstations or single-tenant servers. The threat escalates on shared Linux hosts where multiple users share a kernel, container clusters where the page cache is shared across the host, CI/CD runners and build farms, and cloud SaaS solutions running user-submitted code.
Any environment where an attacker can get local unprivileged code execution has a realistic escalation path to root. In a container cluster, that means host escape is one step closer.
What to do
Patch first. AlmaLinux and CloudLinux have already shipped kernel patches. Other distributions are following. Apply vendor kernel patches and reboot when available.
Mitigate immediately if patching is delayed. Denylist or unload the vulnerable modules: esp4, esp6, and rxrpc. These are the same three modules named in the prior Dirty Frag advisory, so the same step also covers Dirty Frag, a two-for-one mitigation.
Flush the page cache after mitigating. The CloudLinux team makes a critical point: if your system was targeted before you applied the mitigation, the page cache may already contain a corrupted binary. Dropping the page cache forces a reload from disk:
sudo sh -c 'echo 3 > /proc/sys/vm/drop_caches'
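The denylist, unload and cache-flush steps above as one helper script. This is an added example, not the advisory's or any vendor's tooling: the /etc/modprobe.d file name and the lsmod listing it inspects in dry-run mode are constructed, and the real changes only run with --apply as root.

```shell
#!/bin/sh
# Added example: mitigation helper for the module denylist + page-cache flush
# described above. Constructed, not from the advisory or a vendor.
set -eu

MODULES="esp4 esp6 rxrpc"   # modules named in the advisory

# modprobe.d content: 'blacklist' stops alias-based autoload,
# 'install ... /bin/false' also defeats an explicit modprobe.
denylist_conf() {
  for m in $MODULES; do
    printf 'blacklist %s\ninstall %s /bin/false\n' "$m" "$m"
  done
}

# Read lsmod output on stdin; print the denylisted modules that are loaded.
loaded_denylisted() {
  awk -v mods="$MODULES" '
    BEGIN { n = split(mods, want, " "); for (i = 1; i <= n; i++) w[want[i]] = 1 }
    NR > 1 && ($1 in w) { print $1 }'
}

# Constructed lsmod sample so the dry run works offline (not a real capture).
SAMPLE_LSMOD='Module                  Size  Used by
esp4                   36864  0
xfrm_algo              16384  1 esp4
rxrpc                 372736  1 kafs
nf_tables             311296  0'

# Real change: root only. The file name under /etc/modprobe.d is an assumption.
apply_mitigation() {
  denylist_conf > /etc/modprobe.d/fragnesia-denylist.conf
  for m in $(lsmod | loaded_denylisted); do
    # Unload fails if the module is in use (e.g. active IPsec SAs); reboot then.
    modprobe -r "$m" || echo "could not unload $m; reboot required" >&2
  done
  # Drop a possibly already-corrupted cached file so it is reread from disk.
  sync; echo 3 > /proc/sys/vm/drop_caches
}

case "${1:-}" in
  --apply) apply_mitigation ;;
  *) echo "# dry run: would write /etc/modprobe.d/fragnesia-denylist.conf"
     denylist_conf
     echo "# denylisted modules loaded in sample lsmod:"
     printf '%s\n' "$SAMPLE_LSMOD" | loaded_denylisted ;;
esac
```

Run it without arguments to see the config it would write and which of the three modules a given lsmod listing shows as loaded; pipe the real `lsmod` into loaded_denylisted to check a live host.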
No in-wild exploitation confirmed as of May 14. Unlike Copy Fail, Fragnesia has not yet reached CISA's Known Exploited Vulnerabilities catalog. The public PoC exists, which means that window is closing.
The bigger pattern
Copy Fail (April 29). Dirty Frag (May 7, three CVEs). Fragnesia (May 14). All three are in related kernel subsystems. All three require separate patches and reboots. Fragnesia was found with an AI-agentic auditing tool.
This is the 2026 defender condition in its most concrete form: automated bug-finding tools are surfacing vulnerabilities faster than patch pipelines can absorb them, patches introduce new bugs that automated tools find immediately, and the window between disclosure and exploitation is compressing because the PoC tooling is available to everyone.
Patch quickly. Audit your module denylist configuration. And plan for this pattern to continue.
Gigia Tsiklauri is a Security Architect and founder of Infosec.ge. Get in touch if you want to talk through how this affects your environment.