
Notice Links:
| Posted | Sun, 5 Jul 2026 21:58 PM UTC
Sun, 5 Jul 2026 17:58 PM EDT |
|---|---|
| Last Update | Sun, 5 Jul 2026 21:58 PM UTC (44 hours ago)
Sun, 5 Jul 2026 17:58 PM EDT |
| Status | Open |
A newly disclosed flaw in the Linux kernel's traffic-control subsystem, assigned CVE-2026-46242, and known as Bad Epoll. https://github.com/J-jaeyoung/bad-epoll Bad Epoll (CVE-2026-46242) is a race-condition use-after-free in the Linux kernel's epoll subsystem. This bug lets an unprivileged process potentially become root. It only affects 6.4 or newer kernels. At this time, we are not aware of any active attacks using this vector. MitigationsThere are no known mitigations at this time. The bug is in part of the kernel core that is always built in. Fixed kernelsWe are releasing updated VM kernels for 6.6, 6.12, and 6,18. A reboot will be required to use those. Please use our kernel selector in our control panel to action that. You can verify which kernel your VM is running using the command 'uname -r', it will look something like this...: 6.18.0-really38-rh-20260705204512.xenU.x86_64 Fixed kernels will show a build date of 20260705 or newer. Those digits are the numerical date: 2026 July 6th. Ongoing workWe are continuing to review this vulnerability, and will be providing updates and further recomendations here. Please subscribe to this notice for updates. # | |
Log in to subscribe to changes to this notice.
Set your operation notice contact details for future notifications.