Bad Epoll Linux Flaw Reaches Android Without A Public Patch Timetable
A newly disclosed Linux kernel flaw tracked as CVE-2026-46242 can let an unprivileged local user gain root access on Linux systems and may be reachable from Android or Chrome sandbox contexts, but public material did not give a distribution-by-distribution patch timetable.

CVE-2026-46242 Gives Local Users A Root Path
A newly disclosed Linux kernel vulnerability called Bad Epoll gives an ordinary local user a path to root privileges on affected Linux systems, according to public technical details in the disclosure.
The disclosure tracks the flaw as CVE-2026-46242 and says it affects Linux desktops, servers and Android.
It also says a fix is available, but the public write-up does not provide a distribution-by-distribution patch timetable.
The bug sits in epoll, a standard Linux mechanism used by programs that need to watch many files or network connections at the same time.
Servers, network services and browsers rely on epoll, which means administrators cannot treat the feature as an optional component that can simply be disabled.

Researcher Reports A 99% Exploit Rate On Tested Systems
The public account names security researcher Jaeyoung Chung as the person who found Bad Epoll and built a working exploit.
Chung described the bug as a use-after-free condition in which two cleanup paths handle the same internal kernel object at the same time.
The disclosure says one path can free memory while another path is still writing to it.
That collision can corrupt kernel memory and allow an attacker who already has ordinary user access to climb to root.
Chung reported that the timing window is narrow, at about six machine instructions, but said the exploit widens the race condition and retries safely.
The public account says the exploit reached root about 99% of the time on tested systems.

Chrome Sandbox And Android Claims Raise Exposure
The Chrome and Android claims make the disclosure broader than a conventional local Linux privilege-escalation report.
The public account says Chung reported that the flaw can be triggered from inside Chrome's renderer sandbox, a boundary intended to block many other kernel attacks.
The same account says the vulnerability can reach Android, which is notable because many Linux privilege bugs do not translate directly to Android devices.
The public details do not name affected Android device makers, handset models or carrier patch schedules.
The disclosure also says Bad Epoll appears in the same small area of kernel code where Anthropic's Mythos model recently found a different bug.
That detail does not make the vulnerability an AI-generated discovery.
The public account says Chung found this flaw and that Mythos missed it.

Kernel Fix Exists, But Rollout Details Are Unnamed
The disclosure says Chung submitted the flaw as a zero-day to Google's kernelCTF programme and that Linux maintainers merged a fix.
It also says Google accepted the report as valid and tracked the issue through Android's vulnerability rewards process.
Enterprise Linux teams face patch exposure rather than a new network-facing attack path.
Bad Epoll requires a way to run code locally or inside a relevant sandboxed context, but root access would allow a successful attacker to bypass normal user-level limits.
The public material did not disclose affected distribution versions, named Android vendors, device-level patch dates, observed exploitation, or a complete rollout timetable for Linux and Android fixes.