Fragnesia: Linux kernel LPE in XFRM ESP-in-TCP

This repository is a standalone Go local privilege escalation exploit for the vulnerability labeled in comments as Fragnesia / CVE-2026-46300. It is not part of a common exploit framework. The codebase is compact and organized into four Go source files plus module metadata: main.go orchestrates execution and namespace re-exec, esp.go configures the kernel XFRM ESP-in-TCP security association over IPv6 loopback, trigger.go implements the keystream calculation and byte-by-byte page-cache corruption primitive, and pty.go provides an interactive PTY wrapper around su after exploitation. Core capability: the exploit abuses a kernel behavior where TCP_ULP espintcp is enabled after file-backed data has been splice()d into a TCP receive queue. The queued data is then AES-GCM processed in place, causing attacker-controlled XOR keystream bytes to be applied to the underlying page-cache page. The exploit uses this as a write primitive against /usr/bin/su. It first installs an ESP-in-TCP XFRM SA using NETLINK_XFRM with a hardcoded AES-128-GCM key and salt, then computes a 256-entry lookup table mapping desired keystream byte values to IV nonces. For each byte of a 192-byte embedded x86_64 ELF payload, it reads the current byte from /usr/bin/su, computes the needed XOR delta, selects a nonce producing that keystream byte, and triggers a local sender/receiver TCP pair over [::1]:5556. The sender writes an ESP-in-TCP prefix and splice()s file data from /usr/bin/su into the socket; the receiver later enables the espintcp ULP, causing in-place decryption/XOR on the queued page-cache-backed data. The exploit is clearly operational rather than a mere proof of concept because it contains a complete payload and post-exploitation flow. The embedded payload is a tiny ELF intended to execute /bin/sh as root. After patching, the program verifies marker bytes at offset 0x78 in /usr/bin/su, then launches su in a fresh PTY and bridges stdin/stdout to provide an interactive shell. It also auto-sends a blank newline if a password prompt appears. Notable implementation details: it uses CLONE_NEWUSER and CLONE_NEWNET to run the worker in isolated namespaces while mapping the current user/group to container root; it explicitly brings up the loopback interface in the new namespace; it hardcodes SPI 0x100, TCP encapsulation port 5556, and the espintcp ULP string; and it targets IPv6 loopback only. There are no external C2 or remote network endpoints—network activity is purely local and used as part of the exploitation primitive.

This repository is a small PoC-focused project containing one substantive exploit source file: pocs/fragnesia/fragnesia.c. The exploit is a real local privilege escalation PoC for a Linux kernel XFRM ESP-in-TCP page-cache corruption bug described as “Fragnesia,” part of the Dirty Frag bug class. It is not a framework module and not merely a detector. Repository structure: top-level README and LICENSE provide legal/research disclaimers; pocs/README.md is a placeholder; pocs/fragnesia/README.md contains the technical write-up, exploitation notes, mitigation guidance, and affected-version discussion; pocs/fragnesia/fragnesia.c contains the actual exploit implementation. Exploit purpose and flow: the code unshares into new user and network namespaces, gains CAP_NET_ADMIN within that namespace, installs an XFRM ESP-in-TCP security association via NETLINK_XFRM using a known AES-GCM key, and uses AF_ALG to precompute a lookup table mapping desired keystream bytes to IV nonces. It then repeatedly triggers a splice-then-ULP sequence so that file-backed pages already queued in a TCP socket are later interpreted as ESP ciphertext when TCP_ULP is switched to espintcp. This causes a controlled XOR of one byte into the kernel page cache for a read-only file. The exploit iterates byte-by-byte over a 192-byte embedded ELF payload, targeting the first bytes of /usr/bin/su in page cache. After verification, it execves /usr/bin/su, which now executes the injected stub from cache and spawns /bin/sh as root. Main capabilities: arbitrary byte writes into cached pages of read-only files; namespace-based setup to reach the vulnerable kernel path without host root; automated payload generation/use via embedded ELF shell stub; final root shell acquisition. The exploit is operational rather than just conceptual because it contains the full trigger logic and a working privilege-escalation payload, though the payload is hardcoded to /usr/bin/su and /bin/sh. Notable targeting details: the README states all kernels affected by Dirty Frag are affected, specifically kernels lacking the referenced May 13 2026 patch, with confirmed success on Ubuntu kernel 6.8.0-111-generic. Successful exploitation depends on unprivileged user namespaces being allowed and relevant XFRM/ESP functionality being available. The README warns that the poisoned /usr/bin/su remains dangerous until page cache eviction or reboot.

This repository is a minimal local Linux namespace exploitation/abuse proof-of-concept consisting of one Python script and a README disclaimer. The main file, CVE-2026-46300.py, uses ctypes to call libc.unshare() directly, first creating a new user namespace and then, after the parent writes UID/GID mappings via /proc/<pid>/uid_map, /proc/<pid>/setgroups, and /proc/<pid>/gid_map, creating a new network namespace. Inside the child namespace it attempts to initialize loopback using the external 'ip' command, then drops into an interactive REPL that executes arbitrary shell commands through /bin/sh. The demonstrated outcome in the README is 'whoami' returning 'root', which is consistent with namespace-root privileges rather than confirmed host privilege escalation. There are no remote network targets, callbacks, hardcoded C2 endpoints, or exploit framework artifacts. Structurally, the code is straightforward: helper wrappers for unshare and proc-file writes, a parent/child synchronization mechanism using pipes, namespace ID mapping logic, and an interactive command runner. Overall, this is an operational local privilege/context-manipulation PoC for Linux namespace root within isolated namespaces, not a remote exploit or detection script.