A new local privilege escalation (LPE) vulnerability called 'Fragnesia' has been disclosed, affecting the Linux kernel's ESP/XFRM subsystem. Similar to the previously known Dirty Frag exploit, it abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve arbitrary byte writes into the kernel page cache of read-only files — without requiring a race condition. A patch is in progress but has not yet been merged into Linus Torvalds's tree or any stable kernel branches. A proof of concept is publicly available.