Bad Epoll: Tiny Timing Window Lets Unprivileged Users Root Linux and Android

1 min read
Source: The Hacker News
Bad Epoll: Tiny Timing Window Lets Unprivileged Users Root Linux and Android
Photo: The Hacker News
TL;DR Summary

A newly disclosed Linux kernel vulnerability, Bad Epoll (CVE-2026-46242), is a use-after-free race in the epoll subsystem that can let a non-privileged user gain root on Linux desktops, servers, and Android. The attacker exploits a six-instruction timing window to corrupt kernel memory, with broader reach via Chrome’s sandbox and Android support; a upstream patch is available (a6dc643c6931) and backports are expected for 6.4+ kernels, while older 6.1-based Android devices may be unaffected. A public PoC exists, but there’s no evidence of widespread exploitation yet.

Share this article

Reading Insights

Total Reads

0

Unique Readers

7

Time Saved

4 min

vs 5 min read

Condensed

90%

83284 words

Want the full story? Read the original article

Read on The Hacker News