Bad Epoll Linux Bug Gives Unprivileged Users Root Access

ยท
Listen to this article~4 min
Bad Epoll Linux Bug Gives Unprivileged Users Root Access

A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user take full control of a machine as root. It affects Linux desktops, servers, and Android. A fix is out now.

A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in the same small stretch of kernel code where Anthropic's most powerful AI model, Mythos, recently found a different bug. The AI caught one flaw and missed another. ### What Is Bad Epoll? Bad Epoll is a privilege escalation vulnerability in the Linux kernel's epoll subsystem. Epoll is a mechanism that helps programs handle many network connections at once, like a busy web server or chat app. When a user with low-level access runs a specially crafted program, they can trick the kernel into giving them root privileges. It's like a bank teller handing over the vault keys to a customer who asked nicely but shouldn't have. The bug was discovered by security researchers who reported it to the Linux kernel team. The fix is already available in the latest kernel updates. If you run Linux on your desktop, server, or Android device, you need to patch now. ### Who Is Affected? - **Linux desktops**: Any distribution using an affected kernel version is vulnerable. That includes Ubuntu, Fedora, Debian, and others. - **Servers**: Cloud servers, web hosts, and enterprise data centers running Linux are at risk. A single unprivileged user could take over the entire machine. - **Android devices**: Android uses a modified Linux kernel. Many phones and tablets are affected until manufacturers push updates. ### How Does It Work? The flaw lives in the epoll subsystem, specifically in the code that handles events. An attacker can trigger a race condition, where two processes try to access the same memory at the same time. This lets them overwrite kernel memory and gain root access. It's a classic race condition scenario, but in a part of the kernel that was supposed to be safe. ### What Should You Do? 1. **Update your kernel**: Most distributions have released patches. Run `sudo apt update && sudo apt upgrade` on Ubuntu or Debian, or use your package manager. 2. **Check your Android device**: Go to Settings > System > System Update. If no update is available, check your manufacturer's website. 3. **Limit local access**: If you can't patch immediately, restrict who can log in to your systems. Use firewalls and disable unnecessary services. ### The AI Connection It's interesting that this bug was found in the same code area where Anthropic's Mythos AI found another vulnerability. AI can help find bugs faster, but it's not perfect. It missed this one. That means human researchers are still essential. They caught what the AI couldn't. ### Final Thoughts Bad Epoll is a serious bug, but the fix is out. If you patch now, you're safe. Don't wait. This is a reminder that even mature software like the Linux kernel has hidden flaws. Stay updated, stay secure.