From: Jiayuan Chen <jiayuan.chen@linux•dev>
To: Wade Sparks <wsparks@vulncheck•com>, netdev@vger•kernel.org
Cc: Disclosures <disclosure@vulncheck•com>
Subject: Re: Unidentified Fragnesia Variant with Public PoC
Date: Fri, 29 May 2026 14:37:51 +0800 [thread overview]
Message-ID: <689d4e81-583e-446c-b18a-3aec328ac395@linux.dev> (raw)
In-Reply-To: <CAA1v+Sj=THjpUA6m0wX26DVQWMe8=YMZ5HwMo8K8ArjZopCKxg@mail.gmail.com>
On 5/28/26 11:12 PM, Wade Sparks wrote:
> Hello netdev team,
> (cc: security@kernel•org)
>
> The VulnCheck Research team recently discovered and successfully
> reproduced a *public* proof of concept
> <https://github.com/v12-security/pocs/tree/main/fragnesia-5db89c99566fc> (PoC)
> published by V12 Security that targets an unidentified variant of
> CVE-2026-46300, referred to as Fragnesia.
>
> The original Fragnesia patch only addressed the coalesce path, leaving
> the segmentation path independently exploitable. We confirmed the PoC
> works on the latest Ubuntu kernel release
> <https://ubuntu.com/about/release-cycle> as of 2026-05-27 (we are in
> the process of re-testing against v7.0.10 of the kernel.org release
> <https://kernel.org/>). The variant is distinct enough to warrant its
> own patch, as it operates in a different function with a different
> trigger path that survives the existing fix.
>
> If there is an existing patch that apparently has not made it's way to
> Ubuntu distributions, we'd greatly appreciate if you could flag so
> that we may initiate the CVE assignment process with kernel.org
> <http://kernel.org> CNA.
Maybe this commit 48f6a5356a33 fixed the variant you mentioned above ?
prev parent reply other threads:[~2026-05-29 6:38 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-28 15:12 Unidentified Fragnesia Variant with Public PoC Wade Sparks
2026-05-28 16:16 ` Andrew Lunn
[not found] ` <CAA1v+SiTtZA74PONT8vsipoze7ZpdxncRO3vMNjRWy=jsRoDKA@mail.gmail.com>
2026-05-28 19:22 ` Greg KH
2026-05-29 6:37 ` Jiayuan Chen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=689d4e81-583e-446c-b18a-3aec328ac395@linux.dev \
--to=jiayuan.chen@linux$(echo .)dev \
--cc=disclosure@vulncheck$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
--cc=wsparks@vulncheck$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox