Bad Epoll (CVE-2026-46242) is a race-condition use-after-free in the Linux kernel's epoll subsystem. This bug lets an unprivileged process become root, not only on Linux desktops and servers but also on Android devices.

依旧解锁节

Bad Epoll can also be triggered from inside Chrome's renderer sandbox, which blocks almost every other kernel bug. A renderer exploit could therefore chain with Bad Epoll to achieve kernel code execution, the same impact Project Zero demonstrated in "From Chrome renderer code exec to kernel with MSG_OOB".

附赠 Chrome Renderer 逃逸

https://github.com/J-jaeyoung/bad-epoll
https://github.com/Dispa1r/bad-epoll-android
 
 
Back to Top