Linux 'Bad Epoll' Bug Can Let Local Users Escalate to Root on Desktop, Server and Android Systems

A newly disclosed Linux kernel vulnerability dubbed Bad Epoll could allow a local, unprivileged user to gain root access on affected systems, according to a public research write-up. The flaw is track...

A newly disclosed Linux kernel vulnerability dubbed Bad Epoll could allow a local, unprivileged user to gain root access on affected systems, according to a public research write-up. The flaw is tracked as CVE-2026-46242 and affects Linux distributions, servers, desktops, and some Android devices.

The issue is rooted in epoll, a core Linux mechanism used by applications to monitor many file descriptors or network connections at once. Because epoll is widely used by browsers, services, and server software, it cannot simply be disabled as a workaround.

Security researcher Jaeyoung Chung identified the bug and demonstrated a working exploit. The vulnerability is a use-after-free condition, meaning one part of the kernel can release memory while another part still tries to access it. If an attacker can influence that timing, they may be able to corrupt kernel memory and escalate privileges to root.

Although the flaw is serious, exploitation is not trivial. Chung said the timing window is extremely small, but the proof of concept improves reliability by retrying the attack in a way that avoids crashes. In testing, the exploit reportedly succeeded most of the time. Chung also said the bug can be triggered from inside Chrome’s renderer sandbox and may affect Android, which raises its potential impact.

The problem appears to stem from a 2023 change to epoll code. Chung noted that an earlier related bug in the same area had already been found by Anthropic’s Mythos model, but this second issue was missed. At the time of publication, there were no signs of in-the-wild abuse, and the flaw was not listed in CISA’s Known Exploited Vulnerabilities catalog.

What users and administrators should do

  • Apply upstream fix a6dc643c6931 or wait for your vendor’s backport.
  • Check whether your kernel is based on Linux 6.4 or later, as those versions are affected unless patched.
  • Older 6.1-based kernels, including some Android devices, are not impacted because the bug was introduced later.

Because epoll is a fundamental kernel feature, there is no practical configuration workaround. Systems that have not yet received the update should be prioritized for patching.