Zero-Day Bad Epoll Flaw Lets Attackers Root Linux and Android

1 min read
Source: CyberSecurityNews
Zero-Day Bad Epoll Flaw Lets Attackers Root Linux and Android
Photo: CyberSecurityNews
TL;DR Summary

A newly disclosed Linux kernel zero-day, Bad Epoll (CVE-2026-46242), enables unprivileged users to escalate to root on Linux servers, desktops, and Android by exploiting a race condition and a use-after-free in epoll’s ep_remove(). The attack can corrupt kernel memory via a freed eventpoll structure, gain memory access through /proc/self/fdinfo, and execute a return-oriented programming chain to spawn a root shell. Because epoll cannot be disabled without breaking core OS/browser functions, the workaround is to apply the upstream patch or a distribution backport; patch timing and deployment are critical as this is easy to chain with existing browser sandboxes.

Share this article

Reading Insights

Total Reads

1

Unique Readers

6

Time Saved

23 min

vs 24 min read

Condensed

98%

4,74898 words

Want the full story? Read the original article

Read on CyberSecurityNews