New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
Summary
A newly discovered Linux kernel vulnerability, dubbed "Bad Epoll" (CVE-2026-46242), allows unprivileged users to gain root access on affected systems. The flaw impacts Linux desktops, servers, and Android devices, though a fix has already been released. Notably, the same kernel code area was recently scrutinized by Anthropic's AI model, Mythos.
IFF Assessment
This vulnerability allows for privilege escalation to root, which is a significant win for attackers and a direct threat to defenders.
Severity
This CVSS score reflects high severity: the attack vector is local (requiring an unprivileged user on the system), and the impact is complete system control (privilege escalation to root).
Defender Context
Defenders should prioritize patching this vulnerability across all Linux and Android systems immediately. This incident highlights the ongoing threat of privilege escalation bugs in widely used operating systems and the potential for complex code areas to harbor multiple vulnerabilities, even those identified by AI.