Offensive Security Digest

Bad Epoll Linux Kernel UAF Race Condition: Public Root Exploit (99% success)

Bad Epoll Linux Kernel UAF Race Condition: Public Root Exploit (99% success)

Key Questions

What is the Bad Epoll vulnerability?

It is a critical use-after-free race condition in the Linux epoll subsystem affecting kernels 6.4+ and Android 6.6+.

How effective is the public exploit for Bad Epoll?

The public root exploit achieves a 99% success rate by chaining epoll file descriptors to bypass the narrow race window.

What is notable about the Bad Epoll disclosure timeline?

There was a two-month gap between the initial report and the proper fix, which may indicate an operational security signal.

A critical kernel UAF race condition in Linux epoll (affects 6.4+ and Android 6.6+) with a public working exploit achieving root 99% of the time. The narrow race window is bypassed via chained epoll fds. Two-month gap between report and proper fix is a notable opsec signal. Must-know for Linux exploitation and red teaming.

Sources (2)
Updated Jul 6, 2026