A new linux kernel flaw allows attackers to abuse the XFRM ESP-in-TCP subsystem.

A newly disclosed Linux kernel flaw, CVE‑2026‑46300 and nicknamed Fragnesia, allows local attackers to escalate privileges to root by abusing the XFRM ESP‑in‑TCP subsystem. The bug enables attackers to overwrite sensitive system files, including binaries like /usr/bin/su or even /etc/passwd. Most major Linux distributions are affected and have begun issuing patches.

Read more:

https://www.securityweek.com/new-linux-kernel-vulnerability-fragnesia-allows-root-privilege-escalation/