New Fragnesia Local Privilege Escalation Vulnerability Disclosed in Linux Kernel

The Fragnesia local privilege escalation vulnerability in the Linux kernel was publicly disclosed on May 16, 2026, on an open-source security mailing list. It exploits a separate logic bug in the ESP/XFRM subsystem, similar to the prior Dirty Frag vulnerability, but allows arbitrary byte writes into the kernel page cache of read-only files without needing race conditions ^{[1, 2]}.

Proof of concept exploit code for Fragnesia is already publicly available, raising concerns about potential attacks. A patch to fix the security flaw has been developed but has not yet been merged into Linus Torvalds's mainline kernel or stable releases ^{[1, 2]}.

On the same day, the Linux mainline kernel released a patch fixing the ssh-keysign-pwn vulnerability, which allowed unprivileged users to read root-owned files. Several long-term supported (LTS) kernels including versions 6.18.31, 6.12.89, 6.6.139, 6.1.173, 5.15.207, and 5.10.256 received the ssh-keysign-pwn patch ^{[3, 4]}.

Also, Linux 7.0.8 and multiple LTS kernels incorporating this fix were released on May 16. Rocky Linux announced an optional security repository to deliver important security patches more rapidly, ahead of official Red Hat Enterprise Linux releases ^{[5, 4]}.

In parallel, NVIDIA engineer Sasha Levin proposed a new Linux kernel "kill switch" feature aimed at mitigating pending kernel vulnerabilities temporarily. The feature would intercept calls to affected kernel functions until proper patches are available but requires a reboot to clear the in-memory modifications. Some concerns were raised about the possibility of introducing new attack vectors. Part of the kill switch patch was reportedly generated by an AI language model (Claude Opus 4.7), raising questions about its vetting process ^[6].

The Linux kernel community is expected to review and decide on merging the Fragnesia patch soon. The availability of a public exploit and the lack of a merged fix emphasize the urgency for users and administrators to monitor their systems closely and apply new kernel stable releases when available.