If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or otherwise disrupt affected systems.
Linux security has been hit hard in recent days and faces an unprecedented operational crisis with the discovery of Fragnesia (CVE-2026-46300), the fourth critical vulnerability reported.
Also known as Copy Fail 3.0 by the V12 research team responsible for its discovery, this local privilege escalation flaw exposes a universal and extremely precise attack vector. Like its predecessors, Fragnesia allows an unprivileged user to gain full administrator access by writing data directly into the RAM page cache, without altering the physical files on disk. Although it shares the same attack surface as Dirty Frag inside the xfrm-ESP subsystem, it stems from a completely different logic error, which has required the design of an independent and urgent mitigation patch.
What makes Fragnesia exceptionally dangerous is its ability to perform arbitrary byte writes to read-only files without relying on complex race conditions. The vulnerability is triggered through the ESP-in-TCP protocol encapsulation mechanism, revealing that previously issued patches were insufficient or, paradoxically, created the conditions under which this new vulnerability is accidentally reachable in kernels released up to May 13, 2026. With a fully functional exploit now publicly available, system administrators face a race against time to apply temporary lockdowns while major distributions push the final fixes to their repositories.
Fragment Forgetting and AES-GCM Cryptographic Injection
The origin of Fragnesia lies in a logic flaw in the kernel's network buffer management. The central error occurs because the socket buffer (skb) literally "forgets" that a memory fragment is being shared during the data coalescing process. When a TCP socket transitions to the espintcp upper-layer protocol (ULP) after data has already been transferred from a file into the receive queue, the kernel makes the fatal mistake of processing the queued file pages as if they were legitimate ESP ciphertext. In an attempt to optimize performance and avoid unnecessary copying, the system applies the AES-GCM cipher directly to the page cache with an in-place XOR operation. By carefully choosing the initialization vector (IV), or nonce, an attacker can make the keystream produce a specific byte, thereby overwriting any target byte in the file with exactly the desired value.
Lookup tables and the alteration of protected binaries
The attack begins by isolating the process in a new user and network namespace, where the attacker installs a transport-mode ESP security association with a known key. Next, the program builds a 256-entry lookup table that maps each possible keystream byte to the nonce that produces it. Using direct memory transfer (splice), the attacker loads a critical setuid executable, typically the /usr/bin/su utility, into the system's page cache. Iterating meticulously byte by byte and triggering the fault repeatedly, the software overwrites the first 192 bytes of the original utility with a small position-independent stub. When the altered command is finally invoked, the operating system ignores the intact file on disk and executes the contaminated version from the cache, instantly granting a superuser (root) shell session.
Environmental restrictions and critical cleanup procedures
Despite being a working exploit, its successful execution depends on a specific environmental condition: the ability to create unprivileged user namespaces. On systems with restrictive default configurations, such as Ubuntu with its AppArmor profiles active, the attack is blocked in its initial phase unless the administrator has modified kernel parameters to enable this feature.
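A quick way to assess that precondition on a host is to read the sysctls that govern unprivileged user namespace creation. The script below is an added example and is not part of the article or of any distribution's tooling; the sysctl names are the real ones (kernel.unprivileged_userns_clone on Debian-derived kernels, kernel.apprmor_restrict_unprivileged_userns on recent Ubuntu, user.max_user_namespaces in mainline), while the function names and the root-directory argument, which lets the logic run against a constructed tree instead of /proc/sys, are my own.

```shell
#!/bin/sh
# Added example (not from the article): summarise whether unprivileged user
# namespaces, the precondition the article names, can be created on this host.
# The sysctl tree root is taken from $1 (default /proc/sys) so the decision
# logic can be exercised on a constructed directory as well as the live kernel.

read_sysctl() {
    # Print the value of a sysctl file, or nothing if it is absent/unreadable.
    if [ -r "$1" ]; then
        cat "$1"
    fi
}

assess_userns() {
    root="${1:-/proc/sys}"
    clone=$(read_sysctl "$root/kernel/unprivileged_userns_clone")
    maxns=$(read_sysctl "$root/user/max_user_namespaces")
    aa=$(read_sysctl "$root/kernel/apparmor_restrict_unprivileged_userns")

    if [ "$clone" = "0" ]; then
        echo "blocked: kernel.unprivileged_userns_clone=0"
    elif [ "$maxns" = "0" ]; then
        echo "blocked: user.max_user_namespaces=0"
    elif [ "$aa" = "1" ]; then
        # Ubuntu's AppArmor gate: only programs with a profile granting it may
        # create user namespaces; unconfined unprivileged processes are denied.
        echo "restricted: kernel.apparmor_restrict_unprivileged_userns=1"
    else
        echo "allowed: no sysctl prevents unprivileged user namespace creation"
    fi
}

# Live probe as the current (unprivileged) user: try to enter a fresh user
# namespace with util-linux unshare. Prints userns-ok or userns-denied.
probe_userns() {
    if unshare -Ur true 2>/dev/null; then
        echo "userns-ok"
    else
        echo "userns-denied"
    fi
}

# Usage: run as an ordinary user on the host being assessed.
assess_userns
probe_userns
```

The sysctl summary tells you what policy is configured; the live probe tells you what actually happens, which is what matters when a profile or a container runtime adds restrictions the sysctls do not show.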
A critical aspect of this attack is the temporary persistence of the infection. Because the altered binary remains in the page cache, any subsequent legitimate execution of the infected command will still open an unwanted root session. Security teams should therefore purge the page cache immediately, using the kernel's virtual memory controls, after any proof-of-concept run.
To mitigate the threat on production servers until official patches arrive, the technical recommendation is to block the loading of the esp4, esp6, and rxrpc modules in the kernel's global module configuration.
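The two previous paragraphs describe the interim response: block the module loading and purge the cache. The script below is an added example, not the article's or any distribution's own procedure. The module names come from the article; the modprobe.d file name, the function names and the cached-versus-on-disk check are my own. The check relies on the fact that an ordinary read is served from the page cache while an O_DIRECT read (dd iflag=direct) bypasses it, so the two digests differ exactly when the cached copy no longer matches the file on disk; it assumes the filesystem supports O_DIRECT (tmpfs does not).

```shell
#!/bin/sh
# Added example (not from the article): interim lockdown of the ESP modules,
# a check of whether a setuid binary's cached pages still match disk, and the
# page-cache purge the article recommends after any proof-of-concept run.

MODULES="esp4 esp6 rxrpc"   # modules the article says to keep from loading

# Emit a modprobe.d fragment. "blacklist" only stops alias-based autoloading;
# "install <mod> /bin/false" makes modprobe run /bin/false instead of loading
# the module, which also defeats explicit modprobe and request_module() loads.
modprobe_lockdown_config() {
    for m in $MODULES; do
        echo "blacklist $m"
        echo "install $m /bin/false"
    done
}

# List which target modules are currently loaded. Reads a /proc/modules-style
# listing from $1 (default: the real /proc/modules) so it can be tested offline.
loaded_target_modules() {
    modfile="${1:-/proc/modules}"
    for m in $MODULES; do
        if [ -r "$modfile" ] && grep -q "^$m " "$modfile"; then
            echo "$m"
        fi
    done
}

# Compare the page-cache view of a file (plain read) with the on-disk content
# (O_DIRECT read). Prints "match" or "MISMATCH".
cache_vs_disk() {
    f="$1"
    cached=$(sha256sum < "$f" | cut -d' ' -f1)
    ondisk=$(dd if="$f" bs=4096 iflag=direct 2>/dev/null | sha256sum | cut -d' ' -f1)
    if [ "$cached" = "$ondisk" ]; then
        echo "match"
    else
        echo "MISMATCH"
    fi
}

# Drop clean page-cache pages so a contaminated cached copy is discarded and the
# next execution is served from disk again. Needs root; sync first so dirty
# pages are written back before the drop.
drop_page_cache() {
    sync
    echo 3 > /proc/sys/vm/drop_caches
}

# Write the lockdown config and try to unload anything already loaded. Needs root.
# A module that is in use cannot be removed; a reboot is then required.
apply_lockdown() {
    modprobe_lockdown_config > /etc/modprobe.d/fragnesia-lockdown.conf
    for m in $(loaded_target_modules); do
        modprobe -r "$m" || echo "warning: $m still loaded; reboot required" >&2
    done
}

# Usage (as root):
#   apply_lockdown
#   cache_vs_disk /usr/bin/su    # expect "match" on a clean host
#   drop_page_cache
```

Package verification tools such as dpkg --verify or rpm -V read files through the page cache, so they also flag a cached binary that no longer matches its packaged checksum; cache_vs_disk is the quicker single-file check. Either way, the lockdown config only prevents future loads: if esp4 or esp6 is already loaded and in use by an active IPsec setup, the host needs a reboot for the mitigation to take effect.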
Finally, if you want to learn more, you can consult the details at the following link.