Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

New

The Hacker News by The Hacker News
July 3, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out.

Bad Epoll sits in the same small stretch of kernel code where Anthropic’s most powerful AI model, Mythos, recently found a different bug.

The AI caught one flaw and missed this one. A researcher, Jaeyoung Chung, found it and built a working attack.

How the Bug Works

Epoll is a standard Linux feature that lets a program watch many files or network connections at once. Servers, network services, and web browsers all lean on it. You cannot simply switch it off.

Bad Epoll is a “use-after-free” bug. Two parts of the kernel try to clean up the same internal object at the same time. One frees the memory while the other is still writing into it. That brief collision lets an attacker corrupt kernel memory, then climb from a normal account up to root.

The catch is timing. The window where the two paths collide is only about six machine instructions wide, so a random attempt almost never lands in it. Chung’s exploit widens that window and retries without crashing, reaching root about 99% of the time on tested systems.

Two things make it more dangerous: by his account, it can be triggered from inside Chrome’s renderer sandbox, which blocks almost every other kernel bug, and it can reach Android, which most Linux privilege bugs cannot.

Chung submitted the flaw as a zero-day to Google’s kernelCTF program, and full technical details are in his public writeup. There is no sign it has been used in real attacks: as of this writing, it is not on CISA’s Known Exploited Vulnerabilities list, and the only working code is that kernelCTF proof of concept. An Android version of the exploit is still in progress.

Both bugs trace back to a single 2023 change to the epoll code. Chung says Mythos found the first of the two, now tracked as CVE-2026-43074, with a fix landing earlier in 2026.

Anthropic has separately said Mythos found Linux kernel privilege-escalation bugs, though it has not publicly linked that work to Bad Epoll. Finding the first one was a real result, because race-condition bugs are notoriously hard to spot.

So why did the same AI miss the sibling flaw? Chung offers two likely reasons and is careful to say no one can be sure.

  • First, the timing window is tiny, so the exact sequence of events is hard to picture even while staring at the code.
  • Second, there is little evidence at runtime.

Once the first bug is patched, Bad Epoll’s memory error usually does not trip KASAN, the kernel’s main bug detector, so nothing flags that something is wrong.

Epoll cannot be turned off, so there is no workaround. Apply upstream commit a6dc643c6931, or install your distribution’s backport when it lands. Kernels built on 6.4 or newer are affected unless they already have the fix.

Older 6.1-based kernels, including some Android phones such as the Pixel 8, are not, because the bug arrived in 6.4.

A Bad Year for the Linux Kernel

Bad Epoll joins a well-known family of kernel bugs used to root Android, following earlier entries called Bad Binder, Bad IO_uring, and Bad Spin.

It also lands in a busy stretch for Linux privilege flaws, though most of the recent ones work differently. Copy Fail (CVE-2026-31431) landed in April and is now on CISA’s Known Exploited Vulnerabilities list. The Dirty Frag chain, Fragnesia, DirtyClone, pedit COW came after it.

Both are deterministic page-cache-write bugs, like Dirty Pipe (2022), with no race to win, which makes them far more reliable to run. Bad Epoll is the older, harder kind: a race you have to win, like Dirty Cow (2016).

A public proof-of-concept has also appeared for CVE-2026-31694, a separate flaw in the kernel’s FUSE filesystem code, found by the AI-driven research firm Bynario. A local user with FUSE access can feed the kernel a malicious filesystem and corrupt memory.

Depending on the setup, that can mean root access, data leaks, or a crash. Because that access is common in containers and user namespaces, it lands more as a server and container risk than a phone one.

Bynario is not the only one. Mythos also found and exploited a 17-year-old remote code execution bug in FreeBSD’s NFS server (CVE-2026-4747), and Anthropic researchers have used its models to surface other kernel flaws.

Bad Epoll is a useful counterpoint. It shows that race conditions are hard at every stage: hard to find, even for a leading AI; hard to fix, since the first patch fell short and a correct one took about two months; and hard to exploit, through a window only six instructions wide. For now, the bug an AI walks past is still the one a person has to catch.



Source link

The Hacker News

The Hacker News

Next Post
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Recommended.

Hello Group to Report First Quarter 2026 Results on June 2, 2026

Hello Group to Report First Quarter 2026 Results on June 2, 2026

May 11, 2026
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

March 20, 2026

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio