A fix has been implemented and we are monitoring the results.
Posted May 22, 2026 - 10:08 UTC
Update
The KernelCare livepatch rollout is now complete on the main feed across all primary distributions: AlmaLinux ELS/FIPS variants, the EL8 family, Debian 11, Debian 12, and Ubuntu Jammy. KernelCare-subscribed servers receive the fix automatically on the next 'kcarectl --update'
Posted May 19, 2026 - 20:39 UTC
Update
A new wave of KernelCare livepatches incorporating the additional upstream fix has been released to the testing feed. Affected distributions in this wave: EL8, EL9, Debian 12, and AlmaLinux 10.
To deploy from the testing feed:
kcarectl --update --prefix test
Livepatches incorporating the additional upstream fix are now promoted to the main feed. KernelCare-subscribed servers on the main feed receive the fix automatically on the next kcarectl --update.
Patch IDs released today:
K20260515_34 — Rocky Linux 10 K20260515_27 — Oracle Linux 9 K20260515_21 — Oracle Linux 8 (UEK 7) K20260515_20 — Oracle Linux 9 (UEK 7) K20260515_01 — Ubuntu Noble K20260515_02 — Ubuntu Noble (AWS)
Posted May 15, 2026 - 14:48 UTC
Update
For customers running the LTS kernel, patched versions are released. Target versions:
kernel-lts-5.14.0-284.1101.el8.tuxcare.7.els33 or newer kernel-lts-5.14.0-284.1101.el9.tuxcare.7.els33 or newer Update with:
Final patched kernels for CL7h and CL8 are released. Target versions:
CL7h: kernel-4.18.0-553.124.3.lve.el7h or newer CL8: kernel-4.18.0-553.124.3.lve.el8 or newer Both are available in the beta channel and rolling out to stable. Because the stable rollout is gradual, use the following command if you want to install immediately:
Imunify360 already blocks the exploit related to Fragnesia (CVE-2026-46300) and uses extended heuristics to identify and mitigate new indicators more quickly! It does not replace the kernel update, but customers running Imunify360 are covered against currently observed exploitation attempts. More info: https://imunify360.com/
Update: May 15
CloudLinux kernel (CL7h, CL8) The AlmaLinux 8 fix that CloudLinux kernels for CL7h and CL8 build on has been rebuilt as kernel-4.18.0-553.124.3.el8_10 (now in AlmaLinux testing) to incorporate additional upstream patches. CloudLinux kernel builds are being updated accordingly. CL target package versions and channel availability will be added here on release.
AlmaLinux kernel (CL9, CL10)
The patched kernels in the AlmaLinux testing repository have been rebuilt to incorporate additional upstream patches. Updated target versions: CL9 / AlmaLinux 9: kernel-5.14.0-611.54.5.el9_7 or newer CL10 / AlmaLinux 10: kernel-6.12.0-124.56.3.el10_1 or newer These supersede the prior test builds (5.14.0-611.54.4.el9_7 and 6.12.0-124.56.2.el10_1). If you installed the earlier test kernel, update and reboot again. Promotion to production repositories will follow once community verification is complete.
KernelCare: First KernelCare livepatches are released for CloudLinux 9 customers running ELS or FIPS variants of the AlmaLinux 9 kernel. KernelCare-subscribed servers in scope receive the fix on the next 'kcarectl --update'.
We are continuing to work on a fix for this issue.
Posted May 15, 2026 - 12:16 UTC
Identified
Fragnesia is a separate bug from Dirty Frag, not a re-announcement. It is, however, in the same XFRM/ESP class and the immediate mitigation is identical. Customers who have already applied the Dirty Frag mitigation need no further action until patched kernels are released.
Apply this mitigation now Until a patched kernel or KernelCare livepatch is installed, blacklist the esp4, esp6, and rxrpc modules so they cannot be loaded, and unload them if already present: sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true" If you already applied this exact mitigation for Dirty Frag, no further action is required. The file already exists and Fragnesia is blocked by the same rule.