Live Cybersecurity News Ticker | Codekeeper

"Bad Epoll" Zero-Day Gives Attackers Root Access on Linux and Android

Written by Content Team | Jul 5, 2026 12:22:05 PM

A newly discovered Linux kernel vulnerability called "Bad Epoll" (CVE-2026-46242) lets unprivileged local users gain full root access on Linux servers, desktops, and Android devices. The flaw exploits a race condition and use-after-free bug in the kernel's epoll subsystem — a core component that can't be disabled without breaking the OS.

Researcher Jaeyoung Chung found and exploited the bug, submitting it to Google's kernelCTF program, which pays $71,337+ for working kernel exploits. The exploit achieves roughly 99% reliability and can even be chained with a Chrome renderer exploit for full kernel code execution. No workaround exists — patching is the only fix.

Source: Cybersecurity News