New Vulnerability Discovered in Linux Kernel
Hiding out for nearly 15 years, the Ghostlock vulnerability allows a standard logged-in user to gain root privileges.
AI has its uses, and one of them is finding issues in software. Such is the case when the VEGA AI tool, developed by experts at Nebula Security, uncovered what is now known as Ghostlock (CVE-2026-43499).
OpenCVE states: "...the function remove_waiter() incorrectly used the current task pointer instead of the waiter task pointer during certain lock paths." It continues, "This caused synchronization errors in the rbtree, left a dangling pi_blocked_on pointer, and made rt_mutex_adjust_prio_chain() act on the wrong task. The resulting use‑after‑free can lead to kernel memory corruption, crashes, or arbitrary code execution with elevated privileges."
Ghostlock received a score of 7.8, which, combined with the use-after-free in the kernel synchronization logic that enabled UAF and null pointer dereference conditions via the Bluetooth kernel module, elevated Ghostlock to a high-severity risk. According to TechTimes, the attack would only take five seconds to succeed.
This vulnerability affected most distributions, but before you get too concerned, major distributions are working on the problem. Red Hat published the following statement:
“Further, any Red Hat product that relies on the Red Hat Enterprise Linux kernel (including RHEL CoreOS) is also potentially impacted. This includes layered products such as Red Hat OpenShift Container Platform, Red Hat OpenStack Platform, and Red Hat Virtualization.”
According to Ubuntu's tracker, all LTS versions from 18.04 to 26.04 are still vulnerable.
You can read more about Ghostlock in Nebula Security's research piece.
Make sure to run an update on all of your Linux desktops and servers to apply the mitigation for Ghostlock.
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
New Vulnerability Discovered in Linux Kernel
Hiding out for nearly 15 years, the Ghostlock vulnerability allows a standard logged-in user to gain root privileges.
-
New Linux Flaw Lets Attackers Escape VMs
A 16-year-old vulnerability allows an attacker to escape a virtual machine, gain access to the host, and execute malicious code.
-
Hannah Montana Linux Is Back!
Developer Noah Cagle decided the world needed the once obscure but beloved Linux distribution and gave it a decidedly pink refresh.
-
System76 Refreshes the Lemur Laptop
If you're looking for a laptop with tons of power and battery, look no further than the latest iteration of the System76 Lemur Pro.
-
More than 43 Million Lines of Code in Linux Kernel 7.2
Using the cloc utility, Michael Larabel of Phoronix discovered that Linux kernel 7.2 has over 43 million lines of code.
-
Kubuntu Focus Goes Ultra
The Kubuntu Focus team has upped the performance ante of its M2 and Zr laptops with the latest, greatest CPUs from Intel.
-
Linux Gamers May Soon See Less Mouse Lag in KDE Plasma
Gamers using KDE’s Plasma desktop have been suffering from a slight input delay in mouse movement that could lead to getting fragged.
-
Three Lines of Code Improve Linux Storage Performance
A developer changed three lines of code, giving Linux storage performance a 5% bump.
-
AUR Hit Again with Malicious Packages
Once again the Arch User Repository is plagued by a high volume of malicious packages.
-
Alpine Linux 3.24 Features Fresh Desktops and a Newer Kernel
If you're a fan of Alpine Linux, it's time to upgrade because the latest version has been released with KDE Plasma 6.6, Gnome 50, and Linux kernel 6.18 LTS.
