Home > Control panel > Operations notices > Kernel bug Bad Epoll (CVE-2026-46242)

Related Links

Notice Links:

Notice

Kernel bug Bad Epoll (CVE-2026-46242)

PostedSun, 5 Jul 2026 21:58 PM UTC
Sun, 5 Jul 2026 17:58 PM EDT
Last UpdateSun, 5 Jul 2026 21:58 PM UTC (44 hours ago)
Sun, 5 Jul 2026 17:58 PM EDT
StatusOpen

A newly disclosed flaw in the Linux kernel's traffic-control subsystem, assigned CVE-2026-46242, and known as Bad Epoll.

https://github.com/J-jaeyoung/bad-epoll

Bad Epoll (CVE-2026-46242) is a race-condition use-after-free in the Linux kernel's epoll subsystem. This bug lets an unprivileged process potentially become root. It only affects 6.4 or newer kernels.

At this time, we are not aware of any active attacks using this vector.

Mitigations

There are no known mitigations at this time. The bug is in part of the kernel core that is always built in.

Fixed kernels

We are releasing updated VM kernels for 6.6, 6.12, and 6,18. A reboot will be required to use those. Please use our kernel selector in our control panel to action that.

You can verify which kernel your VM is running using the command 'uname -r', it will look something like this...:

6.18.0-really38-rh-20260705204512.xenU.x86_64

Fixed kernels will show a build date of 20260705 or newer. Those digits are the numerical date: 2026 July 6th.

Ongoing work

We are continuing to review this vulnerability, and will be providing updates and further recomendations here. Please subscribe to this notice for updates.

#

Keep You Updated?

Log in to subscribe to changes to this notice.

Set your operation notice contact details for future notifications.