A significant vulnerability in the Linux kernel, known as 'Bad Epoll' and identified as CVE-2026-46242, has emerged as a grave threat to systems running Linux and Android. This flaw allows unprivileged local users to escalate their privileges to root by exploiting a race condition and a use-after-free bug in the kernel's epoll subsystem. The vulnerability was discovered by researcher Jaeyoung Chung, who demonstrated its potential by submitting it to Google's kernelCTF program.

Bad Epoll stands out due to its ability to impact both Linux servers and Android devices. Unlike many privilege-escalation bugs that can be mitigated by disabling optional modules, Bad Epoll targets the core epoll component, which is integral to the kernel and cannot be disabled. This makes it a unique threat that can also be exploited from within Chrome's renderer sandbox, potentially allowing full kernel code execution when combined with other exploits.

The flaw arises in the ep_remove() function where a race condition leads to a use-after-free scenario, causing kernel memory corruption. An attacker can manipulate this situation to gain arbitrary kernel memory read access and take control using a return-oriented programming chain, ultimately achieving a root shell. The vulnerability's exploit technique involves four epoll objects, where closing one pair triggers the race condition, affecting the victim object and enabling the attack.

The complexity of Bad Epoll is highlighted by the fact that an AI model, Mythos, discovered a related race condition in the same code path but missed this particular flaw. A patch was initially attempted by maintainers but did not fully resolve the issue, with a proper fix arriving nearly two months after disclosure. As epoll is critical to both OS and browser functionality, there is no feasible workaround. Administrators are urged to apply the upstream patch or wait for a distribution-specific backport to secure their systems.