Bad Epoll (CVE-2026-46242) is a Linux kernel use-after-free flaw that can let a local user gain root on affected Linux desktops, servers, and Android devices, with a fix already available. The bug is especially notable because it was found after Anthropic’s Mythos AI missed it in the same epoll code area where it had found CVE-2026-43074.
Key points
- Bad Epoll is a Linux kernel use-after-free flaw that can lead to root access.
- The bug affects Linux desktops, servers, and Android, and cannot be worked around by disabling epoll.
- An exploit can reportedly gain root with high reliability by widening a tiny race window.
- The flaw is related to a 2023 epoll code change and sits near another bug found by Mythos, CVE-2026-43074.
- Users should apply upstream commit a6dc643c6931 or a vendor backport, especially on kernels 6.4 and newer.
Read More: https://thehackernews.com/2026/07/new-bad-epoll-linux-kernel-flaw-lets.html