Linux Kernel Bug Grants Root Privileges on Servers and Android Phones

The CVE-2026-46242 kernel flaw exploits a race condition and use-after-free in the epoll subsystem, affecting everything from cloud servers to Android smartphones.

CSBadmin
2 Min Read

Vulnerability Details

A serious zero-day vulnerability in the Linux kernel’s epoll subsystem, tracked as CVE-2026-46242, allows any unprivileged local user to gain full root access. The flaw, named “Bad Epoll” by researchers, is a use-after-free bug triggered by a race condition in the kernel’s event notification mechanism. The issue stems from a 2023 kernel code change that introduced two separate race conditions into the same code path. While an AI-powered tool from Anthropic named Mythos discovered the first flaw (CVE-2026-43074), Bad Epoll proved more elusive due to its narrow timing window and minimal runtime artifacts that evade the kernel’s KASAN memory error detector.

Attack Mechanism and Impact

Researcher Jaeyoung Chung submitted the working exploit to Google’s kernelCTF program, which rewards up to $71,337 for functional Linux kernel exploits. The attack uses four epoll structures in pairs to widen the exploit window, achieving roughly 99% reliability on tested systems. Unlike many privilege escalation bugs, Bad Epoll also affects Android devices because epoll is a core kernel component that cannot be disabled or unloaded. The vulnerability is reachable from within Chrome’s renderer sandbox, meaning an attacker could chain a browser exploit with Bad Epoll for full kernel code execution. No workaround exists, and administrators must apply the upstream patch or await distribution specific backports.

Source: Cyber Security News

CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.