Bad Epoll Linux kernel flaw lets any local user gain root, including on Android
A newly disclosed Linux kernel vulnerability called Bad Epoll lets an ordinary user with no special privileges take full control of a machine as root, and it affects Linux desktops, servers, and Android. Tracked as CVE-2026-46242, the flaw is a use-after-free in epoll, a core Linux feature for watching many files or connections at once that programs and browsers rely on and cannot simply turn off. Two parts of the kernel try to free the same object at once, letting an attacker corrupt kernel memory and climb to root. It is a race-condition bug, harder to exploit than recent deterministic Linux flaws, but a working exploit exists and a fix is available.
- Check: Identify Linux servers, workstations, and Android devices in your environment and check their kernel versions against the Bad Epoll fix, prioritizing multi-user systems and anything where untrusted users can run code.
- Affected: Linux desktops, servers, and Android devices on kernels without the Bad Epoll fix (CVE-2026-46242); any local user, or code already running with low privileges, can exploit the flaw to gain root.
- Fix: Apply the kernel updates that fix Bad Epoll as they reach your distributions and Android devices; there is no workaround, since epoll cannot be disabled, so patching is the only real mitigation.