Based on reporting by The Hacker News →
Introduction
A newly disclosed vulnerability in the Linux kernel’s epoll subsystem—dubbed Bad Epoll—gives any unprivileged user the keys to the entire system, handing them root access without authentication or special permissions. The bug spans the full Linux ecosystem, from enterprise servers and personal desktops to every Android device still receiving updates.
The problem
According to a report by The Hacker News, security researchers have disclosed a Linux kernel privilege-escalation flaw, tracked as CVE-2026-46242 and named Bad Epoll, that allows any local user with no special privileges to gain full root control of the system. The vulnerability resides in the kernel’s epoll (event poll) subsystem—a core mechanism used for scalable I/O event notification. Because epoll is present in nearly every Linux kernel build, the flaw affects Linux desktops, servers, and the Android mobile operating system. The same stretch of kernel code was previously examined by Anthropic’s most advanced AI model, Mythos, which found one bug in that area but missed this one.
Consequences
An attacker who already has a toehold on a target system—perhaps via a compromised user account, a malicious insider, or a wormable initial access vector—can instantly escalate to full root privileges. With root, they can install persistent backdoors, disable security controls, steal or encrypt any data, and pivot laterally across the network. For Android devices, an unprivileged app or a compromised service could weaponize this bug to achieve device-level compromise, bypassing Android’s sandbox entirely. The fact that a frontier AI model previously audited this code and still missed the flaw underscores the difficulty of catching subtle kernel bugs.