Shared Fragment Marker Issue in Linux Kernel Network Functionality

CVE-2026-46300

What is CVE-2026-46300?

A vulnerability in the Linux kernel affects the handling of shared-frag markers during packet coalescing. Specifically, the function skb_try_coalesce() can improperly transfer ownership of page-backed fragments without preserving the shared-frag marker. This loss can disrupt later processing, notably affecting ESP input checks that rely on identifying if a non-cloned skb can bypass certain memory operations. Consequently, sensitive data may become susceptible to unauthorized access, as the integrity check for shared fragments is compromised, enabling potential decryption vulnerabilities over page-cache backed fragments.

News Articles

Techtimes

CVE-2026-46300

Fragnesia Flaw Hands Linux Users Root Access: Third Kernel Bug in Two Weeks, Born From Patch

A newly disclosed Linux kernel flaw nicknamed Fragnesia — tracked as CVE-2026-46300 — lets any unprivileged local user gain root on essentially every major Linux distribution shipped before May 13,

1 week ago

Webpronews

CVE-2026-46300

Fragnesia Exposes Linux Kernel's Fragile Networking Code Yet Again

Fragnesia (CVE-2026-46300) delivers yet another local root exploit in the Linux kernel, exploiting XFRM ESP-in-TCP logic to write to read-only page cache. Following Dirty Frag by days, it forces rapid patching across distributions while exposing persistent weaknesses in networking and memory managem...

1 week ago

It Security News

CVE-2026-46300

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) - IT Security News

Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is in the same class of vulnerabilities as the recently disclosed Dirty Frag bug(s). Like Dirty Frag, it affects…Read more →

1 week ago

More News...

References