Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)
Vulnerability
Summary
Hide ▲
Show ▼
Bad Epoll (CVE-2026-46242) is a newly disclosed Linux kernel use-after-free flaw that can let an unprivileged local user gain root on affected systems. It affects Linux desktops, servers, and Android, and a fix is available. The flaw turns a normal account into full machine control through kernel memory corruption.
Related Happenings
Linux kernel GhostLock root privilege escalation (CVE-2026-43499)
Vulnerability
H score28
First: 08.07.2026 09:16
Last: 08.07.2026 09:16
Sources 1
About this happening:
Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...
Linux kernel GhostLock root privilege escalation (CVE-2026-43499)
VulnerabilityAbout this happening: Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
Vulnerability
H score29
First: 26.06.2026 14:51
Last: 26.06.2026 14:51
Sources 1
About this happening:
**CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
VulnerabilityAbout this happening: **CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)
Vulnerability
H score41
First: 18.05.2026 10:18
Last: 18.05.2026 10:18
Sources 1
About this happening:
A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...
Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)
VulnerabilityAbout this happening: A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...
Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)
Vulnerability
H score35
First: 14.05.2026 10:06
Last: 14.05.2026 10:06
Sources 1
About this happening:
**Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...
Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)
VulnerabilityAbout this happening: **Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...
Latest development: 14.05.2026 16:00
Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.
Linux kernel Dirty Frag and Copy Fail 2 privilege escalation (multiple vulnerabilities)
Vulnerability
H score31
First: 11.05.2026 11:15
Last: 11.05.2026 11:15
Sources 1
About this happening:
A newly disclosed **Linux kernel** local privilege-escalation flaw, **Dirty Frag and Copy Fail 2**, can let an unprivileged user reach **root** on affected systems. The bug chains...
Linux kernel Dirty Frag and Copy Fail 2 privilege escalation (multiple vulnerabilities)
VulnerabilityAbout this happening: A newly disclosed **Linux kernel** local privilege-escalation flaw, **Dirty Frag and Copy Fail 2**, can let an unprivileged user reach **root** on affected systems. The bug chains...
Timeline
-
03.07.2026 22:40 2 articles · 6d ago
Bad Epoll Linux kernel flaw lets unprivileged users gain root
Initial DisclosureA newly disclosed Linux kernel use-after-free flaw, Bad Epoll (CVE-2026-46242), lets an unprivileged user escalate to root on Linux desktops, servers, and Android. Jaeyoung Chung built a working exploit, submitted the issue through Googles kernelCTF program, and a fix is available; there is no sign of real-world abuse.
Show sources
- New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android — thehackernews.com — 03.07.2026 22:40
- New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android — thehackernews.com — 03.07.2026 22:40