Technical details and proof-of-concept (PoC) code targeting a recent Linux kernel vulnerability that could allow unprivileged processes to gain root privileges on desktops, servers, and Android phones are now public.
The security defect, tracked as CVE-2026-46242 (CVSS score of 7.8) and referred to as Bad Epoll, is described as a race-condition use-after-free bug in epoll, the Linux kernel’s I/O event notification facility.
Instead of asking programs to poll many file descriptors one by one, the Linux kernel maintains an epoll instance with an interest list and a ready list of file descriptors and return descriptors.
Bad Epoll is a close-vs-close race condition in epoll’s file-release path that leads to use-after-free.
If one eventpoll list of file descriptors monitors another and the two are closed simultaneously, one frees an object while the other continues to write to it.










