Vulnerability Management

‘Bad Epoll’ vulnerability allows root access on Linux and Android

As detailed in Security Affairs, a critical Linux kernel vulnerability dubbed Bad Epoll (CVE-2026-46242) has been disclosed, enabling local attackers to escalate privileges to root on affected Linux and Android systems. Security updates have been released and are recommended for immediate installation.

The Bad Epoll flaw resides within the epoll subsystem of the Linux kernel, a fundamental component for managing network connections and file events. It is a use-after-free vulnerability where two kernel threads attempt to free the same memory object concurrently, leading to memory corruption. Exploiting this requires precise timing, with a window of only six CPU instructions. Despite this, a reliable proof-of-concept exploit has been developed, capable of achieving root access even from within Chrome's renderer sandbox and potentially impacting Android devices.

Notably, this vulnerability was discovered manually by researcher Jaeyoung Chung after an AI model, Mythos, which had previously identified a related flaw in the same code section, missed Bad Epoll. This highlights the ongoing challenges in AI-assisted vulnerability research, particularly with subtle race conditions. While there is no evidence of widespread exploitation, the vulnerability affects Linux kernels version 6.4 and later, unless patched. Older long-term support kernels are not affected. This discovery adds to a series of recent high-profile Linux privilege escalation vulnerabilities.

Source: Security Affairs

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds