CVE Record
[ HIGH ] CVE-2026-46242
Linux kernel epoll use-after-free local privilege escalation ('Bad Epoll')
A use-after-free race condition in the Linux kernel's epoll subsystem (introduced by a 2023 code change and present in Linux 6.4 and newer) allows an unprivileged local user to escalate to root. Older 6.1-based kernels are not affected. Reported by Jaeyoung Chung as a zero-day submission to Google's kernelCTF program; upstream fix landed as commit a6dc643c6931. Android devices running affected kernels are also in scope; no in-the-wild exploitation has been reported and the flaw is not on CISA KEV.
- Vendor: Linux Foundation
- Product: Linux kernel (6.4 and newer; some Android device kernels)
- CVSS: N/A
- Status: patched
- Published