{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreihtjmmgxp6rwjahddyhs66zwzbsuyddpbmwvac7j2xachoezbiid4",
    "uri": "at://did:plc:b3tz6srl4ochk2wxn6dv6xpy/app.bsky.feed.post/3mlqtbflotfw2"
  },
  "path": "/Articles/1072647/",
  "publishedAt": "2026-05-13T15:26:20.000Z",
  "site": "https://lwn.net",
  "tags": [
    "announcement",
    "Dirty Frag",
    "disclosure",
    "patch",
    "proof\nof concept"
  ],
  "textContent": "Sam James has sent an announcement to the OSS Security mailing list about another local-privilege-escalation (LPE) exploit in the same class as Dirty Frag, called \"Fragnesia\". From the disclosure:\n\n> This is a separate bug in the ESP/XFRM from dirtyfrag which has received its own patch. However, it is in the same surface and the mitigation is the same as for dirtyfrag.\n>\n> It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve arbitrary byte writes into the kernel page cache of read-only files, without requiring any race condition.\n\nJames noted that there is a patch in the works, but it has not yet been pulled into Linus Torvalds's tree nor into any of the stable kernels. A proof\nof concept is also available.",
  "title": "Yet another Dirty Frag type vulnerability: Fragnesia"
}