Home/ Blog/ Security news/ Article
Blog · Security news

A Linux kernel bug called Bad Epoll turns a sandboxed process into root, and the exploit is now public

Bad Epoll (CVE-2026-46242) lets a sandboxed or unprivileged process reach root on Linux 6.4+ and Android. Fixed in April; a public 99% exploit now exists.

Two robotic arms seize the same glowing Linux kernel component as a fracture spreads

The comfort in most Bad Epoll coverage is the size of the race: about six machine instructions, so surely too tight to hit. That reading is wrong, and treating it as a reason to wait is how a machine ends up rooted. The researcher who reported the flaw published an exploit that retries without crashing the kernel and wins roughly 99 times out of 100. A bug with no confirmed real-world use but a public, near-deterministic exploit is not a low priority. It is a countdown.

Bad Epoll, tracked as CVE-2026-46242, is a race condition in the Linux kernel's epoll event-polling code. When epoll tears down its objects, two cleanup paths can fire together, and one frees a structure the other is still updating. That is the classic use-after-free, and an unprivileged local user can ride it into a root shell. It affects kernel 6.4 and newer on desktops, servers, and Android; kernels on the 6.1 line, including some Android devices such as the Pixel 8, are not vulnerable. The fix landed upstream on 24 April 2026 in commit a6dc643c6931. For anyone current on kernel updates, this is a patch-and-move-on story. The problem is who is not current.

Bad Epoll: three years dormant, weaponized this monthApr 2023: Bug introduced by epoll change. Early 2026: Anthropic's Mythos finds sibling flaw. 24 Apr 2026: Bad Epoll quietly fixed upstream. Jul 2026: Public 99%-reliable exploit.Bad Epoll: three years dormant, weaponized this monthApr 2023Bug introducedby epoll changeEarly 2026Anthropic'sMythos findssibling flaw24 Apr 2026Bad Epollquietly fixedupstreamJul 2026Public99%-reliableexploit
Sources: J. Chung kernelCTF writeup; sibling bug CVE-2026-43074; upstream kernel commits 58c9b016e128 and a6dc643c6931.

Why a six-instruction window is not the good news it sounds like

Race conditions are hard to exploit when the attacker gets one shot and a miss crashes the target. Neither holds here. The public exploit widens the window and loops on failure without panicking the kernel, so it can try again and again until it wins. The reported reliability is about 99 percent on a 6.12.67 long-term kernel and 98 percent on Google's Container-Optimized OS build. The eight-byte write the bug gives you is turned, through a cross-cache technique, into control of a kernel file object, then arbitrary kernel memory reads through /proc/self/fdinfo, and finally a code-execution chain that returns a root shell. The narrow timing is an engineering detail the exploit already solved, not a control that protects you.

The other reason there is no easy out: epoll is not an optional module you can blacklist. It is core kernel machinery that almost every network service and browser uses, so you cannot shrink the attack surface by turning it off the way you might unload a niche driver. We have watched this same shape before with DirtyClone in the Linux page cache: the most dependable local-privilege-escalation bugs now live in subsystems that are always loaded and cannot be disabled, which removes the usual "just restrict it" mitigation and leaves patching as the only lever.

The real exposure is every process you already treat as contained

The line worth sitting with is that the exploit works from inside Chrome's renderer sandbox. That reframes the blast radius. Bad Epoll is not only a threat from a logged-in local user you already distrust. It is a root escalation available to any code that lands as an unprivileged process, which is exactly what a browser renderer compromise, a container workload, a compromised low-privilege service account, or a web shell running as www-data gives an attacker. On a 6.4-or-newer host, each of those footholds you had mentally filed as "contained" now sits one public exploit away from full root.

For a self-hosting operator, that moves the priority order. The hosts to patch first are the ones that run code you do not fully trust at low privilege: container and Kubernetes nodes, continuous-integration runners, shared or multi-tenant shell boxes, and any Android fleet on a 6.4-plus kernel. A guest-to-host or sandbox-to-host boundary is only as strong as the kernel underneath it, a point we made about a QEMU networking flaw that let a guest read host memory. Bad Epoll is the version where crossing that boundary hands over root, not just a peek. It belongs in the same tier as kernel-level implants like the SprySOCKS Windows kernel driver when you rank what can quietly own a host.

There are no indicators to hunt, so detection has to be behavioral

Because there is no reported in-the-wild activity, there are no file hashes, addresses, or campaign markers to load into a watchlist. Waiting for an indicator feed is the wrong instinct here. Detection has to be behavioral and inventory-led. The signal that matters is a root process whose parent is something that should never spawn one: a browser renderer, a container runtime, a service account, or a sandboxed worker suddenly holding a UID-0 shell. Kernel-exploit and memory-corruption telemetry from your endpoint tooling covers the technique, and process-lineage rules that flag unexpected privilege jumps out of unprivileged parents will catch the outcome even without a named exploit.

The first and larger job is knowing which of your hosts run kernel 6.4 or newer at all. Patching closes the hole; an accurate kernel inventory is how you know whether you were exposed in the weeks between the quiet April fix and the public July writeup, and how you prove the fix reached every box rather than just the ones you remembered.

The sibling an AI caught, and the one it missed

There is a footnote in this story worth more than a footnote. Bad Epoll and a second flaw, CVE-2026-43074, both trace to the same 2023 change to the epoll code, commit 58c9b016e128. According to the reporting, the sibling bug was found by an AI code-auditing model, Anthropic's Mythos, and patched earlier in 2026; Bad Epoll it missed, and a human researcher found and weaponized it. The practical lesson for anyone folding automated review into their pipeline is narrow and useful: an AI pass over a code region is a genuine result, not a clean bill of health. One tool caught one bug in that six-line neighborhood and walked past the harder one next to it. Treat "it was reviewed by AI" as one signal among several, never as assurance.

Patch 6.4 and newer kernels now, untrusted-code hosts first

The action is unambiguous. Update to a kernel that carries commit a6dc643c6931, or your distribution's backport of it, and reboot, since a running kernel keeps the flaw until it is replaced. Order the rollout by exposure rather than by uptime: container hosts, CI runners, and multi-tenant machines before single-user internal boxes, and push Android updates as they reach your device management. Bad Epoll has no attacker's mark on it yet, and that is exactly the window to spend. A public, 99-percent-reliable exploit against a subsystem you cannot switch off does not stay unused for long.

Topics

Frequently asked questions

What is Bad Epoll (CVE-2026-46242)?

Bad Epoll is a use-after-free race condition in the Linux kernel's epoll event-polling code. Two close paths free and use the same internal object at once, letting an unprivileged local user escalate to a root shell on affected systems.

Which Linux kernels are affected and where is the fix?

Kernel 6.4 and newer are vulnerable, on Linux desktops, servers, and Android. Kernels on the 6.1 line, including some devices like the Pixel 8, are not affected. The fix is upstream commit a6dc643c6931, released 24 April 2026, plus distribution backports.

Is Bad Epoll being exploited in the wild?

There is no reported real-world exploitation yet, and it is not on CISA's Known Exploited Vulnerabilities list. A public writeup and an exploit that succeeds about 99 percent of the time now exist, so the gap between a patched fix and active use is small.

Can Bad Epoll be exploited from inside a sandbox or container?

Yes. The public exploit works from inside Chrome's renderer sandbox, so any unprivileged foothold, such as a container workload, a compromised service account, or a web shell, can chain to root on a 6.4-plus kernel. Container and multi-tenant hosts are the priority.

How do I detect Bad Epoll exploitation without indicators?

Because there are no in-the-wild indicators, rely on behavior. Alert on a root process whose parent should never spawn one, such as a browser renderer or container runtime, and use kernel-exploit and memory-corruption telemetry. Start by inventorying which hosts run kernel 6.4 or newer.

Ready to meet the Guardians?

Deploys fast - agentless for monitoring and cloud, a lightweight agent for deep endpoint security. Just Suriq, standing watch.