www.securityweek.com 7/6/2026, 1:31:55 PM · external

CVE-2026-46242: Linux 'Bad Epoll' flaw lets attackers gain root

CVE-2026-46242: Linux 'Bad Epoll' flaw lets attackers gain root
Developing story vulnerability 3 articles tracked
Bad Epoll Linux kernel flaw (CVE-2026-46242) allows local root access
CyberSIXT Evidence Panel
Primary Source nvd.nist.gov
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

A recently disclosed Linux kernel vulnerability, tracked as CVE-2026-46242, known as 'Bad Epoll', has been made public along with proof-of-concept (PoC) exploit code. This flaw allows unprivileged processes to gain root access on systems running kernel versions 6.4 and newer, including certain Android devices. The vulnerability is a race-condition use-after-free bug within the epoll mechanism that can lead to serious security breaches, such as leaking kernel memory.

Discovered by researcher Jaeyoung Chung, this vulnerability was reported as a zero-day and took an unusually long time to patch, prompting concerns about the Linux kernel’s response to security threats.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline