New Vulnerability Discovered in Linux Kernel

Jul 17, 2026

Hiding out for nearly 15 years, the Ghostlock vulnerability allows a standard logged-in user to gain root privileges.

AI has its uses, and one of them is finding issues in software. Such is the case when the VEGA AI tool, developed by experts at Nebula Security, uncovered what is now known as Ghostlock (CVE-2026-43499).

OpenCVE states: "...the function remove_waiter() incorrectly used the current task pointer instead of the waiter task pointer during certain lock paths." It continues, "This caused synchronization errors in the rbtree, left a dangling pi_blocked_on pointer, and made rt_mutex_adjust_prio_chain() act on the wrong task. The resulting use‑after‑free can lead to kernel memory corruption, crashes, or arbitrary code execution with elevated privileges."

Ghostlock received a score of 7.8, which, combined with the use-after-free in the kernel synchronization logic that enabled UAF and null pointer dereference conditions via the Bluetooth kernel module, elevated Ghostlock to a high-severity risk. According to TechTimes, the attack would only take five seconds to succeed.

This vulnerability affected most distributions, but before you get too concerned, major distributions are working on the problem. Red Hat published the following statement:
Further, any Red Hat product that relies on the Red Hat Enterprise Linux kernel (including RHEL CoreOS) is also potentially impacted. This includes layered products such as Red Hat OpenShift Container Platform, Red Hat OpenStack Platform, and Red Hat Virtualization.”

According to Ubuntu's tracker, all LTS versions from 18.04 to 26.04 are still vulnerable. 

You can read more about Ghostlock in Nebula Security's research piece.

Make sure to run an update on all of your Linux desktops and servers to apply the mitigation for Ghostlock.
 
 

 
 
 

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News