Find notable cyber news and cases, enriched with sources, timelines, and signals.

Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)

Vulnerability
First reported
Last updated
Happening score
H score 23
1 unique sources, 1 articles

Summary

Hide ▲

Bad Epoll (CVE-2026-46242) is a newly disclosed Linux kernel use-after-free flaw that can let an unprivileged local user gain root on affected systems. It affects Linux desktops, servers, and Android, and a fix is available. The flaw turns a normal account into full machine control through kernel memory corruption.

Related Happenings

Linux kernel GhostLock root privilege escalation (CVE-2026-43499)

Vulnerability
H score28 First: 08.07.2026 09:16 Last: 08.07.2026 09:16 Sources 1

About this happening: Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...

Linux kernel DirtyClone privilege escalation (CVE-2026-43503)

Vulnerability
H score29 First: 26.06.2026 14:51 Last: 26.06.2026 14:51 Sources 1

About this happening: **CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...

Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)

Vulnerability
H score41 First: 18.05.2026 10:18 Last: 18.05.2026 10:18 Sources 1

About this happening: A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...

Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)

Vulnerability
H score35 First: 14.05.2026 10:06 Last: 14.05.2026 10:06 Sources 1

About this happening: **Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...

Latest development: 14.05.2026 16:00

Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.

Linux kernel Dirty Frag and Copy Fail 2 privilege escalation (multiple vulnerabilities)

Vulnerability
H score31 First: 11.05.2026 11:15 Last: 11.05.2026 11:15 Sources 1

About this happening: A newly disclosed **Linux kernel** local privilege-escalation flaw, **Dirty Frag and Copy Fail 2**, can let an unprivileged user reach **root** on affected systems. The bug chains...

Timeline

  1. 03.07.2026 22:40 2 articles · 6d ago

    Bad Epoll Linux kernel flaw lets unprivileged users gain root

    Initial Disclosure

    A newly disclosed Linux kernel use-after-free flaw, Bad Epoll (CVE-2026-46242), lets an unprivileged user escalate to root on Linux desktops, servers, and Android. Jaeyoung Chung built a working exploit, submitted the issue through Googles kernelCTF program, and a fix is available; there is no sign of real-world abuse.

    Show sources