[CIVN-2026-0357] Privilege escalation vulnerability in Linux kernel’s Eventpoll subsystem (Bad Epoll)

By Published On: July 8, 2026

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256


Privilege escalation vulnerability in Linux kernel’s Eventpoll subsystem (Bad Epoll)


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: HIGH


Software Affected


Linux Kernel versions 5.15.209 to 5.15.x

Linux Kernel versions 6.1.175 to 6.1.x

Linux Kernel versions 6.4 to 6.18.32

Linux Kernel versions 6.19 to 7.0.9

Overview


A vulnerability commonly referred to as ‘Bad Epoll’ has been reported in the Linux Kernel’s Eventpoll (epoll) subsystem that could allow a local authenticated attacker to escalate privileges on the targeted system.


Target Audience:

All organizations and individuals running affected versions of Linux Kernel.


Risk Assessment:

High risk of local privilege escalation, race condition, execute arbitrary code and memory corruption.


Impact Assessment:

Potential for privilege escalation, execute arbitrary code with kernel privileges, memory corruption, system compromise and disruption of affected systems.


Description


The Linux kernel is the core component of many operating systems, responsible for managing hardware resources and providing essential system services and memory management functionality.


The vulnerability exists in the Linux kernel Eventpoll (epoll) subsystem due to a use-after-free (UAF) condition in the ep_remove() function. An authenticated local attacker could exploit this race condition by triggering concurrent operations on affected kernel objects, causing memory corruption and obtaining elevated privileges.


Successful exploitation of this vulnerability could allow an authenticated local attacker to gain elevated privileges, potentially resulting in the complete compromise of the affected system.


Solution


Apply appropriate updates as mentioned by the vendor:

https://www.kernel.org/



Vendor Information


Linux Kernel

https://www.kernel.org/


References


 

https://www.kernel.org/


CVE Name

CVE-2026-46242


 


– —


Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–


iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpOX1wACgkQ3jCgcSdc

ys9KaRAAis8n9DDfC3KvuiuIDBitra2T8apfIjMO9xM2zynop3GPfCA2kw9oDpaT

pYA6SXYPlJtEyfksOt8CvLC+0wQUF2abE/r5j9wpAwPBKxjlzws4vDv0IqE+d0SZ

LsvThlWkZb1M9caY2oiIOScikhBxYSxWitWhZN/9OLSm6pLQvpsbi2CE2UvTsHr0

OX7AIzKYeqmtxxM+pizaf/tMS38SGKNzPOZnX6UMHOuLhscnbCnVylngUrS8YTeN

B3jbz5SqV1cutAhcnfcZnL2aFtQcm/pymMIDKzn5nZMR1fbh1LImbC9XaoQLVgrs

wF2943zGDtcasp3Kjl2+9hPluk6rHg9NIYRQUpiPxykxUUlYLqCSLk40Ew/dCxCn

PeY6Z0nNHGYKGE/el3bcsrP/Ru5NXm2AjhvL78r98Up30LajjEpJAQ4eCW+Lafyi

aIbkOssWFMZDe9wOuVFg2LD2vN4tf7544jMjnYnwOWYPT1h5Nfngx1BS+tmgwh8T

D4YjzBEt/xFcZ/ujKmQzEIFnjaMc4u4jNYmEAFUxn/uua5VSdQcD3M2voR/h527r

XaZyMTz+x92jD0LO+Q/uY8k/tWdHNUNISZUmoA8Y6CiJlRcV5REkwweE4jXHZp8d

aDgjMEd+diT7aP3ukJj9UiYL4OxC8d6djl2zOveoaGXZE02F7Yk=

=WKuu

—–END PGP SIGNATURE—–

Share this article