Critical GhostLock Vulnerability Allows Root Access on Linux Systems

Critical GhostLock Vulnerability Allows Root Access on Linux Systems

First seen 8 Jul 2026, 17:25 UTC CybersecuritynewsGround.NewsFeeds.4SysopsTechtimesnebusec.ai+3 91% similarity 72.8

Article Content

Browse articles
ThreatCluster

A severe Linux kernel vulnerability, CVE-2026-43499, known as GhostLock, has been publicly disclosed by Nebula Security's VEGA team. This flaw, present since 2011, allows any logged-in user to gain full root control of affected systems in approximately five seconds, with no special permissions required. GhostLock affects nearly all mainstream Linux distributions, including Ubuntu, Debian, and Red Hat. The vulnerability exploits a logic error in the kernel's real-time mutex subsystem, specifically in the remove_waiter() function. A patch has been released, but many distributions are still vulnerable as updates are being rolled out. The flaw has been awarded a $92,337 bounty under Google's kernelCTF program due to its severity and the quality of the exploit. Organizations are urged to prioritize patching to mitigate risks associated with this vulnerability.

Key Points: • GhostLock (CVE-2026-43499) allows root access to any logged-in user on vulnerable Linux systems. • The vulnerability has existed undetected since 2011 and affects nearly all major Linux distributions. • A patch is available, but many systems remain vulnerable as updates are still being deployed.

ThreatCluster AI

Timeline

2026-05-21
CVE-2026-43499 published
GhostLock vulnerability disclosed, affecting all major Linux distributions since 2011.
Techtimes
2026-05-30
CVE-2026-46242 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-06-02
CVE-2026-10702 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-06-25
CVE-2026-53166 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-06-27
First public PoC released
Nebula Security released a proof-of-concept exploit for GhostLock, demonstrating its severity.
Techtimes
2026-07-07
GhostLock disclosed by Nebula Security
VEGA team disclosed the GhostLock vulnerability along with a technical writeup and PoC code.
Techtimes
2026-07-08
Urgent patching recommended
Organizations are urged to patch systems as the vulnerability allows full root access to any logged-in user.
Techtimes

Community

Browse all →