A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out.
Bad Epoll sits in the same small stretch of kernel code where Anthropic’s most powerful AI model, Mythos, recently found a different bug.
The AI caught one flaw and missed this one. A researcher, Jaeyoung Chung, found it and built a working attack.
How the Bug Works
Epoll is a standard Linux feature that lets a program watch many files or network connections at once. Servers, network services, and web browsers all lean on it. You cannot simply switch it off.
Bad Epoll is a “use-after-free” bug. Two parts of the kernel try to clean up the same internal object at the same time. One frees the memory while the other is still writing into it. That brief collision lets an attacker corrupt kernel memory, then climb from a normal account up to root.
The catch is timing. The window where the two paths collide is only about six machine instructions wide, so a random attempt almost never lands in it. Chung’s exploit widens that window and retries without crashing, reaching root about 99% of the time on tested systems.
Two things make it more dangerous: by his account, it can be triggered from inside Chrome’s renderer sandbox, which blocks almost every other kernel bug, and it can reach Android, which most Linux privilege bugs cannot.
Chung submitted the flaw as a zero-day to Google’s kernelCTF program, and full technical details are in his public writeup. There is no sign it has been used in real attacks: as of this writing, it is not on CISA’s Known Exploited Vulnerabilities list, and the only working code is that kernelCTF proof of concept. An Android version of the exploit is still in progress.
Both bugs trace back to a single 2023 change to the epoll code. Chung says Mythos found the first of the two, now tracked as CVE-2026-43074, with a fix landing earlier in 2026.
Anthropic has separately said Mythos found Linux kernel privilege-escalation bugs, though it has not publicly linked that work to Bad Epoll. Finding the first one was a real result, because race-condition bugs are notoriously hard to spot.
So why did the same AI miss the sibling flaw? Chung offers two likely reasons and is careful to say no one can be sure.
- First, the timing window is tiny, so the exact sequence of events is hard to picture even while staring at the code.
- Second, there is little evidence at runtime. Once the first bug is patched, Bad Epoll’s memory error usually does not trip KASAN, the kernel’s main bug detector, so nothing flags that something is wrong.
Epoll cannot be turned off, so there is no workaround. Apply upstream commit a6dc643c6931, or install your distribution’s backport when it lands. Kernels built on 6.4 or newer are affected unless they already have the fix.
Older 6.1-based kernels, including some Android phones…
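A triage check for the patching advice above, as an added example that is not from the article or from Chung's writeup: it classifies a kernel release string against the 6.4 threshold and, given a kernel git checkout, looks for the fix commit. `KERNEL_TREE` and the function names are hypothetical, and the commit-message search assumes the linux-stable convention of citing the upstream commit id in backports.

```shell
#!/bin/sh
# Added example: patch triage for the kernel range stated in the article.
FIX_COMMIT="a6dc643c6931"   # upstream fix, id as given in the article

# classify_release RELEASE prints one of:
#   check-fix    6.4 or newer: affected unless the fix is already present
#   unclear-6.1  6.1-based: the article's sentence on these is cut off
#   not-listed   any other version: the article makes no statement
#   unparsed     not a MAJOR.MINOR... release string
classify_release() {
    rel=$1
    case "$rel" in *.*) ;; *) echo unparsed; return 0 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%[!0-9]*}          # digits up to the next '.', '-' or '+'
    case "$major" in ''|*[!0-9]*) echo unparsed; return 0 ;; esac
    [ -n "$minor" ] || { echo unparsed; return 0; }
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 4 ]; }; then
        echo check-fix
    elif [ "$major" -eq 6 ] && [ "$minor" -eq 1 ]; then
        echo unclear-6.1
    else
        echo not-listed
    fi
}

# tree_has_fix DIR: succeeds if the git checkout in DIR contains the fix, either
# as the upstream commit itself or as a backport whose message cites that id
# (the linux-stable convention; a distro tree may not follow it).
tree_has_fix() {
    git -C "$1" merge-base --is-ancestor "$FIX_COMMIT" HEAD 2>/dev/null && return 0
    [ -n "$(git -C "$1" log -1 --format=%h --grep="$FIX_COMMIT" HEAD 2>/dev/null)" ]
}

running=$(uname -r)
echo "running kernel $running: $(classify_release "$running")"
# KERNEL_TREE (hypothetical variable): path to the source tree the kernel was built from
if [ -n "${KERNEL_TREE:-}" ]; then
    if tree_has_fix "$KERNEL_TREE"; then
        echo "fix $FIX_COMMIT found in $KERNEL_TREE"
    else
        echo "fix $FIX_COMMIT NOT found in $KERNEL_TREE"
    fi
fi
```

A `check-fix` result only says the release is in the stated range; whether a distribution kernel carries the backport has to be confirmed from its source tree or the vendor's changelog.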

