Bad Epoll (CVE-2026-46242) is a critical race-condition use-after-free vulnerability in the Linux kernel's epoll subsystem, allowing unprivileged processes to escalate to root privileges. It is particularly significant because it can bypass Android security restrictions and Chrome's renderer sandbox, a feat achieved by Jaeyoung Chung in Google kernelCTF where it was reported as a 0-day.
Background
Google kernelCTF is a competition rewarding researchers for discovering and exploiting Linux kernel vulnerabilities, often highlighting flaws that affect both desktop and mobile environments like Android.
- Source
- Lobsters
- Published
- Jul 5, 2026 at 02:40 AM
- Score
- 9.0 / 10