Critical Linux kernel vulnerability CVE-2026-46242 (Bad Epoll)

How to check a server and fix a vulnerability in the Linux kernel.

CVE-2026-46242 (Bad Epoll) is a critical Use-After-Free (UAF) vulnerability in the Linux kernel's eventpoll (epoll) subsystem. Under certain conditions, it may allow a local unprivileged user to escalate privileges to root, execute arbitrary code in kernel space, or trigger a denial-of-service (DoS) condition.

Why is this vulnerability dangerous?

If successfully exploited, an attacker may:

  • gain root privileges;
  • execute arbitrary code in kernel mode;
  • fully compromise the affected system;
  • cause a denial-of-service (DoS) by triggering a kernel crash.

Exploitation requires only local access to the system using a regular user account.

Affected systems

The vulnerability affects vulnerable Linux kernel versions containing the eventpoll (epoll) subsystem and may be present in various Linux distributions until the relevant security updates have been installed, including:

  • Ubuntu;
  • Debian;
  • Rocky Linux;
  • AlmaLinux;
  • Fedora;
  • Red Hat Enterprise Linux (RHEL).

How to check your kernel version

Run the following command to determine the currently running kernel version:

uname -r

Then verify that your distribution has installed a kernel package containing the fix for CVE-2026-46242.

How to mitigate the vulnerability

Install the latest security updates, including the updated Linux kernel.

Ubuntu / Debian

sudo apt update
sudo apt upgrade

Rocky Linux / AlmaLinux / RHEL

sudo dnf update

or, on older versions:

sudo yum update

After installing the updated kernel, reboot the server:

sudo reboot

Ensure the system is running the updated kernel.

After the reboot, check the running kernel version again:

uname -r

The reported version should correspond to the updated kernel.

"Important"

The kernel version number alone does not always indicate whether the vulnerability has been fixed. Many Linux distributions (such as Ubuntu, Debian, RHEL, AlmaLinux, and Rocky Linux) backport security fixes to existing kernel versions without changing the main kernel version number.

"Warning"

If a security update containing the fix for CVE-2026-46242 is available for your Linux distribution, it is strongly recommended to install it as soon as possible and reboot the system to load the updated kernel.

Help

If you have any questions or need assistance, please contact us through the ticket system — we're always here to help!

Need help?Our engineers will help you free of charge with any question in minutesContact us