Security
Bad Epoll CVE-2026-46242 gives root from the Linux epoll subsystem
- Category: Security
- Status: confirmed
- Sources: PoC and write-up, fix commit
- Summary: A published proof of concept documents CVE-2026-46242, a race-condition use-after-free in the Linux kernel epoll subsystem that yields local privilege escalation to root. The write-up dates the flaw to a v6.4 change (commit
58c9b016e128, April 2023) and the fix to commita6dc643c6931merged for v6.6 and later in April 2026, after a report on 2026-02-17. The author states the exploit reaches about 99 percent reliability through timing and retry loops and can be triggered from within Chrome's renderer sandbox, opening a kernel code-execution path. - Why it matters: Any kernel from v6.4 without the backport is exposed on desktops, servers, and Android, and the browser-sandbox trigger makes it a plausible second stage after a renderer compromise.
- Follow-up: Watch for distribution kernels confirming the backport and for a weaponized exploit beyond the published proof of concept.