Linux Kernel's Bad Epoll Flaw Grants Root Access
A critical vulnerability in the Linux kernel, dubbed "Bad Epoll" and assigned the identifier CVE-2026-46242, has been disclosed. It enables unprivileged users to achieve full root control over affected systems. The flaw impacts a wide range of Linux deployments, including desktop and server environments, as well as the Android mobile operating system. The vulnerability resides within a specific section of kernel code that was recently examined by Anthropic's AI model, Mythos, which identified a separate bug in the same area.
The Bad Epoll flaw allows an attacker with standard user privileges to escalate their access to the highest administrative level, effectively compromising the entire system. This level of access permits unauthorized modifications to system files, installation of malicious software, and complete data exfiltration. The discovery highlights ongoing challenges in securing complex operating system kernels, even with the aid of advanced AI tools.
While the vulnerability is severe, a patch has already been released by the Linux kernel development community. Users and administrators are strongly advised to apply the update promptly to mitigate the risk of exploitation. The presence of Bad Epoll in the same kernel code segment previously flagged by Anthropic's Mythos model underscores the intricate nature of kernel security and the potential for multiple vulnerabilities to coexist in close proximity. The specific details of the fix involve adjustments to how the epoll system call handles certain error conditions, preventing the unintended privilege escalation.
The broad applicability of the Linux kernel across various platforms, from embedded devices to supercomputers and mobile phones, means that the potential impact of Bad Epoll is significant. Android devices, which are built upon the Linux kernel, are particularly vulnerable if not updated with the latest security patches. The Linux kernel development team confirmed the fix in a recent security advisory, urging immediate deployment across all affected distributions and devices.
Original source: The Hacker News