
| Posted | Thu, 14 May 2026 05:18 AM UTC / Thu, 14 May 2026 01:18 AM EDT |
|---|---|
| Last Update | Sun, 17 May 2026 23:20 PM UTC / Sun, 17 May 2026 19:20 PM EDT |
| Status | Open |

Fri, 15 May 2026 00:38 AM UTC: Added namespace mitigation instructions below.

---

A serious Linux kernel vulnerability has been publicly disclosed: https://github.com/v12-security/pocs/tree/main/fragnesia

This issue has been allocated CVE-2026-46300, also known as Fragnesia. This targets the same components as the recently disclosed Dirtyfrag, but is a different vulnerability.

In practical terms, if an actor can run code inside a vulnerable VPS, for example through a compromised website, shell account, or application, this bug may allow them to take full control of that VPS.

Mitigations

Where a server is using a modular kernel, you should also check with the distributor as soon as possible for updates and additional mitigation steps.

On RimuHosting VPSs, it is possible to substantially mitigate this attack by preventing user accounts from creating their own namespaces. Running the following command will block those until the next reboot.

```
sysctl -w user.max_user_namespaces=0
```

This may impact the normal operation of containers and services that depend on namespaces, including in some cases IPsec tunnels.

The exploit modifies the memory used by legitimate system binaries (the public PoC overwrites /usr/bin/su in the page cache as part of gaining root), so applying the mitigation alone is not enough on systems that may have been targeted before it was put in place. After mitigating, as root run the following command to drop the page cache and force a reload from disk:

```
echo 3 > /proc/sys/vm/drop_caches
```

On busy systems the page cache drop may cause some short-term slowness until kernel caches fill up again, but is otherwise safe to do at any time.

Ongoing work

We are working on releasing patched kernels for our VPS customers. Kernel developers are still finalising a more comprehensive solution to prevent this class of issues. We are continuing to review solutions for this vulnerability, and will be providing updates and further recommendations here. Please subscribe to this notice for updates.
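
The two mitigation steps from this notice (block user namespaces, then drop the page cache) combined into one script that checks the current limit, reads the new value back, and refuses to drop the cache before the block is in place. This is an added example, not RimuHosting's own tooling; the `PROC_SYS` override, the function names, the script name and the `apply` argument are assumptions of the example.

```shell
#!/bin/sh
# Added example, not RimuHosting's tooling. PROC_SYS is an assumed override
# used only to rehearse the logic against a scratch directory; on a real
# VPS leave it unset and run as root.
knob() { printf '%s/%s' "${PROC_SYS:-/proc/sys}" "$1"; }

# True only when creation of user namespaces is blocked.
userns_blocked() {
    [ -r "$(knob user/max_user_namespaces)" ] &&
        [ "$(cat "$(knob user/max_user_namespaces)")" = "0" ]
}

# Same effect as `sysctl -w user.max_user_namespaces=0`; lasts until reboot.
block_userns() {
    echo 0 > "$(knob user/max_user_namespaces)" || return 1
    userns_blocked   # read back: confirm the kernel accepted the value
}

# Same as `echo 3 > /proc/sys/vm/drop_caches`, but refuses to run while
# namespaces can still be created, since binaries reloaded from disk could
# then be modified in the cache again.
drop_page_cache() {
    userns_blocked || { echo "refusing: user namespaces not blocked" >&2; return 2; }
    echo 3 > "$(knob vm/drop_caches)"
}

fragnesia_mitigate() {
    if userns_blocked; then
        echo "user.max_user_namespaces is already 0"
    else
        echo "previous limit: $(cat "$(knob user/max_user_namespaces)" 2>/dev/null)"
        block_userns || { echo "could not set user.max_user_namespaces=0" >&2; return 1; }
    fi
    drop_page_cache && echo "page cache dropped"
}

# Nothing runs unless asked to (hypothetical name): sh fragnesia-mitigate.sh apply
case "${1:-}" in
    apply) fragnesia_mitigate ;;
esac
```

Record the previous limit the script prints if containers or IPsec tunnels on the VPS depend on namespaces, since the block stays in effect until the next reboot.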