Back to advisories

Proof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access Vulnerability

A public proof-of-concept exploit is now available for CVE-2026-46242, a race-condition use-after-free bug in the Linux kernel epoll facility that allows unprivileged local processes to escalate to root. This affects kernel versions 6.4 and newer, including Android devices. Any system running vulnerable kernels is at immediate risk of total compromise via local exploitation.

CRITICALAdvisoryJul 07, 2026
Action required
Immediately inventory all Linux systems and Android devices running kernel 6.4 or newer. Prioritize patching to the latest stable kernel version. For systems that cannot be patched immediately, implement strict access controls to limit local user login and process execution capabilities.
Affected products
Linux kernelAndroid