Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-13T12:00:00 kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-123

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backed frags, but the shared-frag marker is currently lost. That breaks the invariant relied on by later in-place writers. In particular, ESP input checks skb_has_shared_frag() before deciding whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP receive coalescing has moved shared frags into an unmarked skb, ESP can see skb_has_shared_frag() as false and decrypt in place over page-cache backed frags. Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged frags. The tailroom copy path does not need the marker because it copies bytes into @to's linear data rather than transferring frag descriptors.

A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged binaries and gain root privileges.

This issue is classified as Important, rather than Critical severity, because exploitation requires local access to the system. A low-privileged local attacker can exploit this flaw in the Linux kernel's XFRM ESP-in-TCP subsystem to gain root privileges by overwriting sensitive system files. Exploitation does not require user interaction, potentially resulting in full compromise of confidentiality, integrity, and availability. See the security bulletin for a detailed mitigation procedure. NVIDIA for RHEL 10 2026-05-20T00:00:00Z RHSA-2026:19540 kernel-0:6.12.0-211.8.el10nv Red Hat Enterprise Linux 10 2026-05-20T00:00:00Z RHSA-2026:19569 kernel-0:6.12.0-211.16.1.el10_2 Red Hat Enterprise Linux 10.0 Extended Update Support 2026-05-21T00:00:00Z RHSA-2026:20299 kernel-0:6.12.0-55.75.1.el10_0 Red Hat Enterprise Linux 8 2026-05-20T00:00:00Z RHSA-2026:19664 kernel-rt-0:4.18.0-553.125.1.rt7.466.el8_10 Red Hat Enterprise Linux 8 2026-05-20T00:00:00Z RHSA-2026:19666 kernel-0:4.18.0-553.125.1.el8_10 Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 2026-05-21T00:00:00Z RHSA-2026:20130 kernel-0:4.18.0-305.192.1.el8_4 Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On 2026-05-21T00:00:00Z RHSA-2026:20130 kernel-0:4.18.0-305.192.1.el8_4 Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support 2026-05-21T00:00:00Z RHSA-2026:20051 kernel-0:4.18.0-372.193.1.el8_6 Red Hat Enterprise Linux 8.6 Telecommunications Update Service 2026-05-21T00:00:00Z RHSA-2026:20051 kernel-0:4.18.0-372.193.1.el8_6 Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions 2026-05-21T00:00:00Z RHSA-2026:20051 kernel-0:4.18.0-372.193.1.el8_6 Red Hat Enterprise Linux 8.8 Telecommunications Update Service 2026-05-20T00:00:00Z RHSA-2026:19521 kernel-0:4.18.0-477.143.1.el8_8 Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions 2026-05-20T00:00:00Z RHSA-2026:19521 kernel-0:4.18.0-477.143.1.el8_8 Red Hat Enterprise Linux 9 2026-05-20T00:00:00Z RHSA-2026:19568 kernel-0:5.14.0-687.10.1.el9_8 Red Hat Enterprise Linux 9 2026-05-20T00:00:00Z RHSA-2026:19568 kernel-0:5.14.0-687.10.1.el9_8 Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions 2026-05-20T00:00:00Z RHSA-2026:19705 kernel-0:5.14.0-70.180.1.el9_0 Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions 2026-05-20T00:00:00Z RHSA-2026:19711 kernel-rt-0:5.14.0-70.180.1.rt21.252.el9_0 Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions 2026-05-26T00:00:00Z RHSA-2026:20593 kernel-0:5.14.0-284.172.1.el9_2 Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions 2026-05-20T00:00:00Z RHSA-2026:19875 kernel-rt-0:5.14.0-284.172.1.rt14.457.el9_2 Red Hat Enterprise Linux 9.4 Extended Update Support 2026-05-21T00:00:00Z RHSA-2026:20054 kernel-0:5.14.0-427.126.1.el9_4 Red Hat Enterprise Linux 9.6 Extended Update Support 2026-05-21T00:00:00Z RHSA-2026:20129 kernel-0:5.14.0-570.116.1.el9_6 Red Hat OpenShift Container Platform 4.16 2026-05-29T00:00:00Z RHSA-2026:20087 rhcos-416.94.202605200242-0 Red Hat OpenShift Container Platform 4.21 2026-05-26T00:00:00Z RHBA-2026:20032 kernel-0:5.14.0-570.116.1.el9_6 Red Hat OpenShift Container Platform 4.21 2026-05-26T00:00:00Z RHBA-2026:20032 openshift-0:4.21.0-202605142021.p2.geab2218.assembly.stream.el10 Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-46300 https://nvd.nist.gov/vuln/detail/CVE-2026-46300 True