Fragnesia Kernel bug corrupts page cache and can grant local root on major Linux distributions

Security researchers disclosed Fragnesia this week, a Linux kernel bug that corrupts file-backed pages for read-only files and permits arbitrary writes into the kernel page cache. The flaw requires no race condition, making it a dependable vector for local privilege escalation; in multi — tenant or containerized environments, that reliability raises the risk of host escapes and broader cross — tenant attacks.

The vulnerability was found by William Bowling and other researchers at AI security firm Zellic using the company’s agentic auditing tool, V12. Fragnesia lies in the kernel XFRM subsystem’s ESP-in-TCP path. The published proof — of-concept builds a 256 — entry lookup table that maps keystream bytes to nonces and then overwrites the first 192 bytes of the switch_user command in the page cache with a compact ELF stub that calls setresuid and spawns a shell.

Fragnesia is the third high-severity local — root kernel bug disclosed in roughly two weeks, following flaws known as Copy Fail and Dirty Frag. Reporting on these incidents has emphasized that AI-assisted bug-finding systems — examples cited include Claude Mythos and OpenAI Daybreak — are accelerating the discovery of subtle kernel logic errors and shifting the balance between automated analysis and human review in open-source security workflows.

The practical impact is immediate. AlmaLinux reports that Fragnesia yields root on all major distributions, and Red Hat has assigned the issue a CVSS score of 7.8. While the flaw is formally a local privilege — escalation vulnerability, its consequences are amplified in cloud settings: an attacker who can run code inside a container and create namespaces or network stacks could use Fragnesia to break out to host root and then target other virtual machines or containers on the same host.

Kernel developers and distribution maintainers are preparing patches that focus on hardening the ESP-in-TCP code path. Proposed fixes aim to eliminate in-place transformations on shared, file-backed pages and tighten fragment handling. An upstream patch to address Fragnesia exists, but as of May 13 it had not yet shipped in any major distribution.