>_ 0dayNews
CVE Record
[ HIGH ] CVE-2026-46242

Linux kernel epoll use-after-free local privilege escalation ('Bad Epoll')

A use-after-free race condition in the Linux kernel's epoll subsystem (introduced by a 2023 code change and present in Linux 6.4 and newer) allows an unprivileged local user to escalate to root. Older 6.1-based kernels are not affected. Reported by Jaeyoung Chung as a zero-day submission to Google's kernelCTF program; upstream fix landed as commit a6dc643c6931. Android devices running affected kernels are also in scope; no in-the-wild exploitation has been reported and the flaw is not on CISA KEV.

cat cve-2026-46242.json
Vendor: Linux Foundation
Product: Linux kernel (6.4 and newer; some Android device kernels)
CVSS: N/A
Status: patched
Published