Linux and Android users urged to patch critical 'Bad Epoll' flaw

A newly discovered flaw in the Linux kernel could let attackers gain full root access on affected systems and Android devices. The vulnerability, tracked as CVE-2026-46242 and named Bad Epoll, affects the epoll subsystem, a core component used by servers, browsers, and applications to manage network connections and file events efficiently.
A race condition with serious consequences
The flaw is a use-after-free issue, where two kernel threads attempt to release the same internal object simultaneously. One thread frees the memory while the other continues to use it, creating a brief opportunity to corrupt kernel memory and escalate privileges. Despite the narrow timing window—just six CPU instructions—security researcher Jaeyoung Chung developed a reliable exploit that succeeds in about 99% of attempts on tested systems.
Exploit reaches beyond Linux into Android
The vulnerability is particularly concerning because it can be triggered from restricted environments like Chrome’s renderer sandbox, making it easier for attackers to exploit. The flaw affects not only Linux desktops and servers but also Android devices, raising the stakes for mobile users and developers. Security updates are already available, and users are strongly advised to install them without delay.
AI finds one, misses another
Interestingly, this flaw is related to a previous vulnerability detected by Anthropic’s Mythos AI model in the same section of kernel code. While the AI identified one critical bug, it missed this closely related issue, which was later discovered manually. The finding highlights both the potential and limitations of AI-assisted vulnerability research in uncovering complex kernel bugs.
Source: Security Affairs. AI-assisted editorial synthesis — TechnoExpress.

