Bad Epoll: The bug missed by Mythos
· One min read
I am excited to introduce Bad Epoll (CVE-2026-46242), a Linux kernel vulnerability that I reported and exploited as a 0-day submission to Google kernelCTF. Bad Epoll is a race-condition use-after-free in the Linux kernel's epoll subsystem. This bug lets an unprivileged process become root, not only on Linux desktops and servers but also on Android devices.