Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

A 15-Year-Old Linux Kernel Flaw Exposed: The GhostLock Vulnerability



A 15-year-old Linux kernel flaw has been exposed, leaving many users and organizations scrambling to patch their systems before it's too late. The GhostLock vulnerability (CVE-2026-43499) can be exploited by any logged-in user to gain full root control of a machine that hasn't been patched. With patches rolling out now, users must act quickly to protect themselves from this significant security risk.

  • A 15-year-old Linux kernel flaw, known as GhostLock (CVE-2026-43499), has been revealed, leaving many users and organizations scrambling to patch their systems.
  • The bug is a result of an urgent task being stuck behind another trivial one in the kernel's cleanup step, creating a use-after-free situation.
  • The vulnerability can be exploited using ordinary threading calls from any local program without needing special permission or network access.
  • The vulnerability has been present in Linux since 2011 and was fixed in April, but not all distributions have yet implemented the fix.
  • The flaw affects nearly every Linux build and scores 7.8 out of 10 (high, not critical) because an attacker needs to already be logged in to the machine.
  • Experts are urging users to patch their systems as soon as possible due to the vulnerability's potential impact.
  • Patching shared and multi-tenant machines, cloud servers, containers, and CI runners is recommended to mitigate the risk.



  • The world of cybersecurity has been rattled by a recent discovery that highlights the ongoing challenges faced by security experts in protecting systems from vulnerabilities. A 15-year-old Linux kernel flaw, known as GhostLock (CVE-2026-43499), has been revealed, leaving many users and organizations scrambling to patch their systems before it's too late.

    In a statement, researchers at Nebula Security, who discovered the vulnerability, stated that the bug is a result of an urgent task being stuck behind another trivial one in the kernel's cleanup step. This mistake leaves the kernel holding a "note" that points at a scrap of memory it has already thrown away and reused, creating a use-after-free situation.

    The team successfully turned this small mistake into full control by chaining a few clever steps together, including tricking the kernel into running their own code as the all-powerful "root" user. This exploit works without needing special permission, unusual settings, or network access; ordinary threading calls from any local program are enough to activate it.

    The vulnerability has been present in Linux since 2011 and was fixed in April, with distributions now rolling out the patch (3bfdc63936dd). However, not all distributions have yet implemented the fix, leaving many users at risk. The flaw affects nearly every Linux build and scores 7.8 out of 10 (high, not critical) because an attacker needs to already be logged in to the machine.

    This vulnerability is particularly concerning given that it can escape containers, which further increases its potential impact. According to Nebula Security, the team found the bug using their AI-driven tool, VEGA, and has published working exploit code, allowing anyone to run it.

    Nebula's lead researcher on the project stated that the vulnerability joins a series of other 2026 Linux privilege-escalation bugs, several of which share a detail: an automated tool found them. These vulnerabilities highlight the importance of regular security updates and the need for users to stay vigilant in protecting their systems.

    In response to the discovery, experts are urging users to patch their systems as soon as possible. Installing your distribution's current kernel, not just the first patched build, is recommended, as the original fix introduced a separate crash bug (CVE-2026-53166), and the cleanup for that was still settling upstream in early July.

    There is no complete workaround for this vulnerability since the operations that trigger it are routine for any local process. Availability of patches varies across different distributions, with some systems listed as vulnerable or in progress, such as Ubuntu's 24.04, 22.04, and 20.04 LTS versions.

    To mitigate the risk, users are advised to patch shared and multi-tenant machines first, cloud servers, containers, and CI runners, where an attacker is most likely to find the local foothold this bug needs. The use of build options, RANDOMIZE_KSTACK_OFFSET and STATIC_USERMODE_HELPER, can make this exploit harder but is still not a fix.

    The GhostLock vulnerability serves as a reminder that even seemingly older vulnerabilities can pose significant risks. It also highlights the ongoing importance of AI-driven security tools in identifying and mitigating threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-15-Year-Old-Linux-Kernel-Flaw-Exposed-The-GhostLock-Vulnerability-ehn.shtml

  • https://thehackernews.com/2026/07/15-year-old-ghostlock-flaw-enables-root.html

  • https://nvd.nist.gov/vuln/detail/CVE-2026-43499

  • https://www.cvedetails.com/cve/CVE-2026-43499/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-53166

  • https://www.cvedetails.com/cve/CVE-2026-53166/


  • Published: Wed Jul 8 01:44:29 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us