
CVE-2026-46242: Linux Kernel — Local Root Escalation via Bad Epoll (June 2024)
CVE-2026-46242 — Linux Kernel Bad Epoll
CVE-2026-46242 (high severity) is a Linux kernel vulnerability that allows unprivileged local users to escalate privileges to root by exploiting a race-condition use-after-free in the epoll file-release path. A public proof-of-concept exploit is available, raising the risk of active exploitation. CVSS score is not yet published, but the impact is critical for any unpatched system running affected kernels.
Attack Vector
The vulnerability is triggered by racing the epoll file descriptor release process, resulting in a use-after-free condition. Attackers can leverage this to hijack freed kernel memory and execute arbitrary code with root privileges, typically using a Return-Oriented Programming (ROP) chain. Exploitation requires local access but no special privileges. The proof-of-concept demonstrates reliable root access on affected systems. No remote exploitation is possible, but local shell or app access is sufficient.
Who Is at Risk
Linux kernel versions 6.4 and newer are affected, including distributions shipping these kernels. Google Pixel 10 devices running Android with impacted kernels are confirmed vulnerable. Both desktop/server Linux deployments and mobile devices are at risk. Organizations running recent Linux distributions or Pixel 10 devices should prioritize assessment and remediation.
Patch & Mitigate
- Patch: Apply official kernel updates as soon as available for your distribution. Monitor vendor advisories for backported fixes. Google Pixel 10 users should apply the next security update immediately upon release.
- Workaround: Restrict local shell/app access where possible. No effective kernel-level workaround is known.
- Detect: Monitor for unusual privilege escalation attempts, rapid epoll file descriptor operations, and unexpected root access from unprivileged accounts in logs.
MITRE ATT&CK
- TA0004 — Privilege Escalation: Attackers exploit the kernel flaw to gain root from a non-privileged context.
- TA0007 — Defense Evasion: Kernel-level code execution allows bypassing standard security controls and detection.
Start Your 14-Day Free Trial
Get curated cyber intelligence delivered to your inbox every morning at 6 AM. No credit card required.
Get Started Free

