New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
Key Points:
- A newly disclosed Linux kernel vulnerability called Bad Epoll (CVE-2026-46242) allows an unprivileged user to gain root access by exploiting a race-condition "use-after-free" bug in the epoll subsystem, affecting Linux desktops, servers, and Android devices.
- The flaw arises from two kernel components freeing and writing to the same internal object at the same time, creating a narrow timing window that a crafted attack can exploit to corrupt kernel memory and escalate privileges.
- Researcher Jaeyoung Chung discovered Bad Epoll and developed a reliable exploit for it. The exploit can even be triggered within Chrome's sandbox and on Android, making the bug more dangerous than many prior Linux privilege escalation bugs.
- The vulnerability stems from a 2023 epoll code change and follows a related bug found earlier by Anthropic's AI model Mythos, which missed this sibling flaw, likely because of its tiny timing window and the lack of runtime error signals.
- A fix is available through kernel updates (commit a6dc643c6931); affected systems include kernels 6.4 and newer, while older 6.1-based kernels and some Android devices like Pixel 8 are not affected. Users are urged to apply patches promptly as no workaround exists.