Linux kernel "Fragnesia" disclosed 2026-05-13 — Pulsed Media customers not exposed
A new Linux kernel local privilege escalation, "Fragnesia" (informally "copyfail 3.0"), was disclosed on 2026-05-13 by Sam James (Gentoo) on the oss-security mailing list. It is the third member of the page-cache-LPE family this spring, following Copy Fail (CVE-2026-31431, April 29) and Dirty Frag (CVE-2026-43284 + CVE-2026-43500, May 7).
Pulsed Media customers were not exposed. The kernel hardening we deployed on 2026-05-09 for the earlier Dirty Frag disclosure already blocks the attack path Fragnesia uses. We extended that hardening today with an additional defense-in-depth entry covering newer Debian kernels that ship the relevant module separately.
The upstream Linux patch is still pending — it has not yet been merged into Linus Torvalds's tree or any stable kernel series. Our mitigation does not depend on the upstream patch landing.
No customer action is required.
Thursday, May 14, 2026
