Eventpoll Memory Management Flaw in Linux Kernel
CVE-2026-46242

7.8 HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 30 May 2026

What is CVE-2026-46242?

A memory management vulnerability in the Linux kernel's eventpoll subsystem allows use of freed memory because file structures are handled improperly during critical operations. The flaw occurs when an ep_remove operation clears a file pointer under lock while concurrent operations can still be performed on the same pointer. This creates a potential use-after-free in which an attacker could manipulate memory, potentially causing system instability or unauthorized access. The fix implements better reference management to prevent premature memory release during critical operations.

Affected Version(s)

Linux 58c9b016e12855286370dfb704c08498edbc857a

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
