(From the Manjaro forums)
Thanks to @dirn for pointing this out.
"Fragnesia" is a variant of the Dirty Frag vulnerability in the ESP/XFRM. CVE-2026-46300 is the ID used to track this. How this functions is
So it takes /usr/bin/su in RAM, modifies its first 192 bytes, executes it and gets privilege escalation. Since the file, /usr/bin/su, on the disk is not modified, all of this happens in RAM, a host-based file system monitoring solution will not catch the exploit. This exploit uses a page-cache corruption vulnerability.
It does not require user interaction, so without the user doing anything this can be triggered from a service or from a timer or from anything else.
The mitigation for this remains the same as that for dirty-frag. Stop the loading of ESP4, ESP6 and XFRM modules. Put the following in the directory /etc/modprobe.d/ inside a .conf file.
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
blacklist esp4
blacklist esp6
blacklist rxrpc
I wonder if this has been patched or not.
From the OSS-mailing list,
Does this mean that Fragnesia was accidentally activated because of the fix for the Dirty-Frag, i.e. CVE-2026-43284? Or am I misunderstanding this?
Continuing in the same email-chain
So disabling user namespaces will mitigate the attack vector? It is time for a bottom-up rewrite of namespaces in the Linux kernel. And it is also time for Firefox and other apps to stop using namespaces.
From the same email-chain
So despite dirty-frag being fixed should the mitigation remain in place? The folks at VPN service providers are not going to be happy.
Some kernel developers are getting annoyed
Wow, Microsoft (and others I'm sure) is pushing hard in a Linux smear campaign
This and all does DoS attacks
Well the question still stands. Has this been patched? Does the dirty-frag vulnerability fix also patch this up?
Or do we have to wait for another Linux Kernel update?
It looks like it hasn't been patched yet, because they're not following responsible disclosure of waiting 90 days. They must really be desperate.
The mitigation for Fragnesia appears to be the same as that for Dirty Frag.
If you're not needing IPSec (sorry @Archie1 ), or using the Andrew File System (AFS), I suspect you could simply leave these modules disabled...
but this "drop it while it's hot" approach to seemingly promote yet another AI vulnerability discovery service is a trend I can't abide.
Oh, I don't envy being in a Linux kernel developer's shoes. Windows and Mac OSX get a pass since they have closed source code. So no one is aware of the vulnerabilities that are there inside Windows.
I just added this to my blacklist.conf...
I'll just wait for a new kernel update just like the last couple times this happened.
New kernel 7.0.7 just dropped; might be a Fragnesia fix, but it broke my laptop's internal bluetooth.
these bug names lately have been hot and sexy.
Just sayin.
Just installed 7.0.7 kernel. . . . I'll have to check and see if my bluetooth is still working. . .
Rich
I've gone through the bluetooth help in the "Welcome" app. I've gotten my "Smokin Buds" to work a few times in the past but more often than not they disconnect or can't be found again during pairing. Right now I have conflicts with the bluetooth being "enabled" and "not enabled" in several different place locations in the KDE plasma software. This is particularly strange in my opinion. In some areas it is enabled and others not enabled. . . . It's pretty much screwed up. When these earphones worked in the past they were great and worked like a charm . . . .now they don't work once again. I'm currently running kernel 7.0.7 - 2-1 arch.
Rich
Who made your laptop's bluetooth module? Mine is from Mediatek, and I did see that 7.0.7 touched Mediatek bluetooth driver code...
7.0.8.arch1-1 / 7.0.8-zen1-1-zen fixes this for Mediatek BT.
Arch maintainers picked a pending patch from upstream.
Why is a fix for Fragnesia and dirty-frag updating code of Bluetooth? Or did the Bluetooth code just hop a ride with this fix?
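The modprobe.d mitigation posted earlier in this thread can be verified with a small audit script. This is an added example, not part of any forum post: the function names and the `--run` switch are made up for illustration, and it inspects only the one directory it is given. It separates the cases the config lines do not cover on their own: a module that is already loaded, and a `blacklist` line with no matching `install` override.

```shell
#!/bin/sh
# Added example: audit the modprobe.d mitigation quoted in the thread.
MODULES="esp4 esp6 rxrpc"   # names taken from the config lines in the thread

# has_directive DIR KEYWORD MODULE [COMMAND]  (hypothetical helper)
# Succeeds if an uncommented "KEYWORD MODULE [COMMAND]" line exists in DIR/*.conf.
has_directive() {
    cat "$1"/*.conf 2>/dev/null | awk -v kw="$2" -v mod="$3" -v cmd="${4:-}" '
        $1 == kw && $2 == mod && (cmd == "" || $3 == cmd) { found = 1 }
        END { exit !found }'
}

# module_status DIR LOADED_LIST MODULE -> prints one of:
#   loaded          already in the running kernel; the config does not unload it
#   blocked         "install MODULE /bin/false": modprobe runs /bin/false instead
#   blacklist-only  only alias autoloading is stopped; explicit modprobe still works
#   open            no mitigation line found
module_status() {
    if awk -v mod="$3" '$1 == mod { f = 1 } END { exit !f }' "$2" 2>/dev/null; then
        echo loaded
    elif has_directive "$1" install "$3" /bin/false; then
        echo blocked
    elif has_directive "$1" blacklist "$3"; then
        echo blacklist-only
    else
        echo open
    fi
}

# audit_mitigation DIR LOADED_LIST -> prints "module: status" per module and
# returns 1 if any module is not in the "blocked" state.
audit_mitigation() {
    rc=0
    for m in $MODULES; do
        s=$(module_status "$1" "$2" "$m")
        echo "$m: $s"
        [ "$s" = blocked ] || rc=1
    done
    return $rc
}

# Run against the live system only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_mitigation /etc/modprobe.d /proc/modules
fi
```

A `loaded` result means the module was in the kernel before the config took effect, so it stays until it is removed or the machine is rebooted.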