Preface: If BlueField DPU supports configuring IPsec rules using strongSwan 5.9.0bf, does it use kernel IPsec in ARM?
Yes, when using strongSwan 5.9.0bf on the BlueField DPU, it utilizes the Linux kernel IPsec stack (xfrm) running on the ARM cores to manage and configure security associations, which can then be offloaded to the hardware acceleration engines.
Background: The only scenario where a GPU or advanced SoC interacts with the Linux kernel’s XFRM subsystem is during IPsec Network Offloading (SmartNICs / DPUs).
If an enterprise SoC or Data Processing Unit (like an NVIDIA BlueField DPU) handles high-speed network traffic, the Linux XFRM subsystem can act as a control plane. It passes the encryption policies (SAs and SPIs) down to the chip’s network engine so that standard internet IPsec traffic can be encrypted at wire speed directly on the network interface card (NIC) hardware rather than taxing the main host CPU.
Vulnerability details: Fragnesia is a Linux local privilege escalation vulnerability that is a member of the Dirty Frag vulnerability class.
Are there any remedies available for CVE-2026-46300?
Patch Your Kernel:
Update your Linux kernel immediately. Patches were released by major distributions (AlmaLinux, Ubuntu, Red Hat, Debian, Amazon Linux) around May 14-16, 2026.
Apply Temporary Mitigation (If Patching is Delayed): Disable the vulnerable modules (esp4, esp6, and rxrpc) to block the exploit.
Run: sudo rmmod esp4 esp6 rxrpc
Create blacklist file: echo -e "install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false" | sudo tee /etc/modprobe.d/fragnesia.conf
Clear Page Cache: If you suspect a machine was targeted before patching, run sync; echo 3 | sudo tee /proc/sys/vm/drop_caches to evict potentially corrupted cached pages.
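To confirm that the temporary mitigation above actually took effect, the following added example (not from the original page or the linked PoC repository) checks whether esp4, esp6 and rxrpc are still loaded and whether an "install <module> /bin/false" rule exists for each. The function names and the sample files are constructed for illustration; with no arguments, audit reads /proc/modules and /etc/modprobe.d.

```shell
#!/bin/sh
# Added example: audit the temporary Fragnesia mitigation (module unload + blacklist).
MODULES="esp4 esp6 rxrpc"

# is_loaded MODULE [FILE]: succeeds if MODULE is listed in a /proc/modules-format file.
# A missing or unreadable FILE is treated as "not loaded".
is_loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "${2:-/proc/modules}" 2>/dev/null
}

# is_blocked MODULE [DIR]: succeeds if any *.conf in DIR has "install MODULE /bin/false".
is_blocked() {
    for f in "${2:-/etc/modprobe.d}"/*.conf; do
        [ -f "$f" ] || continue
        if awk -v m="$1" '$1 == "install" && $2 == m && $3 == "/bin/false" { hit = 1 }
                          END { exit !hit }' "$f"; then
            return 0
        fi
    done
    return 1
}

# audit [FILE] [DIR]: print one status line per module and return the number
# of modules that are still loaded or not blocked from being loaded again.
audit() {
    gaps=0
    for m in $MODULES; do
        loaded=no; blocked=no
        if is_loaded "$m" "${1:-/proc/modules}"; then loaded=yes; fi
        if is_blocked "$m" "${2:-/etc/modprobe.d}"; then blocked=yes; fi
        if [ "$loaded" = yes ] || [ "$blocked" = no ]; then gaps=$((gaps + 1)); fi
        echo "$m loaded=$loaded blocked=$blocked"
    done
    return "$gaps"
}

# Constructed sample: esp4 is still loaded and rxrpc is missing from the blacklist.
demo() {
    d=$(mktemp -d)
    printf 'esp4 28672 0 - Live 0x0000000000000000\n' > "$d/modules"
    printf 'xfrm_user 53248 2 - Live 0x0000000000000000\n' >> "$d/modules"
    printf 'install esp4 /bin/false\ninstall esp6 /bin/false\n' > "$d/fragnesia.conf"
    audit "$d/modules" "$d" && rc=0 || rc=$?
    rm -rf "$d"
    echo "unmitigated modules: $rc"
}
demo
```

esp4 and esp6 are the kernel's ESP handlers for IPv4 and IPv6, so on a host that terminates IPsec through the kernel xfrm stack (such as the strongSwan setup on BlueField described in the preface) removing them stops that traffic until the patched kernel is installed and the blacklist file is deleted.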
Official announcement: Please refer to the link for details – https://github.com/v12-security/pocs/tree/main/fragnesia