vulnerability context

CVE-2026-46242

CVSS 7.8 HIGH · EPSS 2.4% · CWE-416 · OTX 10 pulses

In the Linux kernel, the following vulnerability has been resolved:

eventpoll: fix ep_remove struct eventpoll / struct file UAF

ep_remove() (via ep_remove_file()) cleared file->f_ep under file->f_lock but then kept using @file inside the critical section (is_file_epoll(), hlist_del_rcu() through the head, spin_unlock). A concurrent __fput() taking the eventpoll_release() fastpath in that window observed the transient NULL, skipped eventpoll_release_file() and ran to f_op->release / file_free().

For the epoll-watches-epoll case, f_op->release is ep_eventpoll_release() -> ep_clear_and_put() -...

Published 2026-05-30 · last modified 2026-06-17

details

CISA KEV status: Not in catalog
CVSS v3: 7.8 / HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.4% percentile (score 0.0012)
CWE: CWE-416
OTX pulses: 10 total, 0 recent

source mentions 2

source consensus

  • Bluesky
  • The Hacker News