PulseAugur
EN
LIVE 06:57:11

GhostLock vulnerability in Linux kernel allows privilege escalation for 15 years

A critical vulnerability named GhostLock (CVE-2026-43499) has been discovered in the Linux kernel, affecting all major distributions for over 15 years. This flaw, introduced in version 2.6.39 and fixed in version 7.1, allows unprivileged local attackers to escalate privileges and escape containers with high stability. The vulnerability stems from a misuse of the `remove_waiter()` function, which incorrectly clears the `pi_blocked_on` flag on the wrong task during a proxy requeue operation, leading to a dangling kernel pointer. Google has awarded a $92,337 bounty for the discovery and successful exploitation of this bug. AI

RANK_REASON Discovery of a long-standing, critical vulnerability in a core operating system component. [lever_c_demoted from research: ic=1 ai=0.1]

Read on Hacker News — AI stories ≥50 points →

AI-generated summary · Google Gemini · from 1 sources. How we write summaries →

GhostLock vulnerability in Linux kernel allows privilege escalation for 15 years

COVERAGE [1]

  1. Hacker News — AI stories ≥50 points TIER_1 English(EN) · djfergus ·

    GhostLock, a stack-UAF that has existed in ALL Linux distributions for 15 years