New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

The Hacker News technology

Key Points:

  • A newly disclosed Linux kernel vulnerability called Bad Epoll (CVE-2026-46242) allows an unprivileged user to gain root access by exploiting a race-condition "use-after-free" bug in the epoll subsystem, affecting Linux desktops, servers, and Android devices.
  • The flaw arises from two kernel components simultaneously freeing and writing to the same internal object, creating a narrow timing window that an attacker can exploit with a crafted attack to corrupt kernel memory and escalate privileges.
  • Researcher Jaeyoung Chung discovered and developed a reliable exploit for Bad Epoll, which can even be triggered within Chrome's sandbox and on Android, making it more dangerous than many prior Linux privilege escalation bugs.
  • The vulnerability stems from a 2023 epoll code change and follows a related bug found earlier by Anthropic's AI model Mythos, which missed this sibling flaw likely due to its tiny timing window and lack of runtime error signals.
  • A fix is available through kernel updates (commit a6dc643c6931); affected systems include kernels 6.4 and newer, while older 6.1-based kernels and some Android devices like Pixel 8 are not affected. Users are urged to apply patches promptly as no workaround exists.

Trending Business

Trending Technology

Trending Health