Ground.News
Critical GhostLock Vulnerability Allows Root Access on Linux Systems
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A severe Linux kernel vulnerability, CVE-2026-43499, known as GhostLock, has been publicly disclosed by Nebula Security's VEGA team. This flaw, present since 2011, allows any logged-in user to gain full root control of affected systems in approximately five seconds, with no special permissions required. GhostLock affects nearly all mainstream Linux distributions, including Ubuntu, Debian, and Red Hat. The vulnerability exploits a logic error in the kernel's real-time mutex subsystem, specifically in the remove_waiter() function. A patch has been released, but many distributions are still vulnerable as updates are being rolled out. The flaw has been awarded a $92,337 bounty under Google's kernelCTF program due to its severity and the quality of the exploit. Organizations are urged to prioritize patching to mitigate risks associated with this vulnerability.
Key Points: • GhostLock (CVE-2026-43499) allows root access to any logged-in user on vulnerable Linux systems. • The vulnerability has existed undetected since 2011 and affects nearly all major Linux distributions. • A patch is available, but many systems remain vulnerable as updates are still being deployed.