GhostLock, a stack-UAF that has existed in ALL Linux distributions for 15 years
GhostLock (CVE-2026-43499) is a critical Linux kernel vulnerability that has existed in all major distributions since 2011, allowing unprivileged local attackers to escalate privileges and escape containers through a use-after-free flaw in the rtmutex code. The vulnerability, which affects Linux versions 2.6.39 through 7.1-rc1, enables attackers to obtain dangling kernel pointers, write to arbitrary addresses, and hijack function tables to gain root access without requiring special privileges or kernel configurations. Google rewarded the discovery with $92,337 through kernelCTF, and the vulnerability was fixed in April 2026 after persisting for over 15 years.
Read Full Article →