Zero-Day Bad Epoll Flaw Lets Attackers Root Linux and Android

A newly disclosed Linux kernel zero-day, Bad Epoll (CVE-2026-46242), enables unprivileged users to escalate to root on Linux servers, desktops, and Android by exploiting a race condition and a use-after-free in epoll’s ep_remove(). The attack can corrupt kernel memory via a freed eventpoll structure, gain memory access through /proc/self/fdinfo, and execute a return-oriented programming chain to spawn a root shell. Because epoll cannot be disabled without breaking core OS/browser functions, the workaround is to apply the upstream patch or a distribution backport; patch timing and deployment are critical as this is easy to chain with existing browser sandboxes.
- New "Bad Epoll" 0-Day Vulnerability Allows Root Access on Linux Servers and Android Devices CyberSecurityNews
- New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android The Hacker News
- DirtyClone: A Linux Privilege Escalation That Leaves No Trace on Disk Security Affairs
- New Critical Linux Vulnerability Enables Root Privilege Escalation LinkedIn
- Bad Epoll: Kernel Race Bug Beats AI Auditing, Hits 99% Root Exploit Rate Tech Times
Reading Insights
1
6
23 min
vs 24 min read
98%
4,748 → 98 words
Want the full story? Read the original article
Read on CyberSecurityNews