{"id":285430,"date":"2026-07-03T15:40:00","date_gmt":"2026-07-03T19:40:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/03\/new-bad-epoll-linux-kernel-flaw-lets-unprivileged-users-gain-root-hits-android\/"},"modified":"2026-07-03T16:45:07","modified_gmt":"2026-07-03T20:45:07","slug":"new-bad-epoll-linux-kernel-flaw-lets-unprivileged-users-gain-root-hits-android","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/03\/new-bad-epoll-linux-kernel-flaw-lets-unprivileged-users-gain-root-hits-android\/","title":{"rendered":"New &#8220;Bad Epoll&#8221; Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/07\/new-bad-epoll-linux-kernel-flaw-lets.html\">New &#8220;Bad Epoll&#8221; Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/07\/new-bad-epoll-linux-kernel-flaw-lets.html\">https:\/\/thehackernews.com\/2026\/07\/new-bad-epoll-linux-kernel-flaw-lets.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-03 15:40:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out.<\/p>\n<p>Bad Epoll sits in the same small stretch of kernel code where Anthropic&#8217;s most powerful AI model, Mythos, recently found a different bug.<\/p>\n<p>The AI caught one flaw and missed this one. A researcher, Jaeyoung Chung, found it and built a working attack.<\/p>\n<h2>How the Bug Works<\/h2>\n<p>Epoll is a standard Linux feature that lets a program watch many files or network connections at once. Servers, network services, and web browsers all lean on it. You cannot simply switch it off.<\/p>\n<p>Bad Epoll is a &#8220;use-after-free&#8221; bug. Two parts of the kernel try to clean up the same internal object at the same time. One frees the memory while the other is still writing into it. That brief collision lets an attacker corrupt kernel memory, then climb from a normal account up to root.<\/p>\n<p>The catch is timing. The window where the two paths collide is only about six machine instructions wide, so a random attempt almost never lands in it. Chung&#8217;s exploit widens that window and retries without crashing, reaching root about 99% of the time on tested systems.<\/p>\n<p><img decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjQl2axNwsfhbXOFynrg_uAZsvHi3OvNGSA8KJO-BKR8Xm3x7yjKV3EvfY4v5mwXx6LF0uWFb9h9d9iAV_Pi-YYhqimX9wx4OaLdDJEdR215Xrxq_PAtXkaLfQso4pTSjbj6fvh_ZTliLpzWZSZfcoZgyXtKwhN-SSDDlmbtUqGLshc0KqYQGWYHMN52Sl1\/s728-e100\/zz-d.jpg\" width=\"729\" height=\"91\"\/><\/p>\n<p>Two things make it more dangerous: by his account, it can be triggered from inside Chrome&#8217;s renderer sandbox, which blocks almost every other kernel bug, and it can reach Android, which most Linux privilege bugs cannot.<\/p>\n<p>Chung submitted the flaw as a zero-day to Google&#8217;s kernelCTF program, and full technical details are in his\u00a0public writeup. There is no sign it has been used in real attacks: as of this writing, it is not on CISA&#8217;s Known Exploited Vulnerabilities list, and the only working code is that kernelCTF proof of concept. An Android version of the exploit is still in progress.<\/p>\n<p>Both bugs trace back to a single 2023 change to the epoll code. Chung says Mythos found the first of the two, now tracked as\u00a0CVE-2026-43074, with a&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/07\/new-bad-epoll-linux-kernel-flaw-lets.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>New &#8220;Bad Epoll&#8221; Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android https:\/\/thehackernews.com\/2026\/07\/new-bad-epoll-linux-kernel-flaw-lets.html Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":285431,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEggOXDckpE46PYIzBnXsx_kyHzFvlcB3l8qEr6feRNBhRQMKc2p5r2pQArl-NrsoB2z6vE917nXVHpuuMZOgZcRDMlwbVYC0ocK3uIsb-h59qed_kuvDKwvukQCAs-VDcE5Ail8mTRSPpnNfrPzKv5oAMQ9fJCDNE_2PpPrN9a9mOwGUIs0TnWq6_r58HM\/s1700-e365\/root-linux.gif","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[20,90,89],"class_list":["post-285430","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-artificial-intelligence","tag-cve","tag-flaw"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/285430"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=285430"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/285430\/revisions"}],"predecessor-version":[{"id":285432,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/285430\/revisions\/285432"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/285431"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=285430"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=285430"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=285430"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}