Updated
Updated · WIRED · Jul 11
Nebula Security Publishes GhostLock Exploit for 15-Year Linux Root Bug
Updated
Updated · WIRED · Jul 11

Nebula Security Publishes GhostLock Exploit for 15-Year Linux Root Bug

3 articles · Updated · WIRED · Jul 11

Summary

  • GhostLock, tracked as CVE-2026-43499, lets any logged-in user gain root on an unpatched Linux machine with no special permissions or network access.
  • Nebula Security said its AI-driven VEGA tool found the use-after-free flaw after it had sat in kernel code for 15 years, and its published exploit escaped containers with 97% reliability in testing.
  • The bug affected essentially every mainstream Linux distribution by default since 2011 and earned Nebula a $92,337 payout through Google's kernelCTF program.
  • April brought a fix, but patch coverage remains uneven; Ubuntu still listed 24.04, 22.04 and 20.04 LTS as vulnerable or in progress in early July, pushing defenders to verify installed packages.
  • The finding adds to a 2026 wave of Linux privilege-escalation bugs uncovered by automated tools reexamining long-neglected kernel code.

Insights

As the Pentagon plans to use civilian hackers, what prevents them from becoming legitimate military targets in a future conflict?
If AI scanning private messages has high error rates, how can the EU justify extending 'Chat Control' for child safety?
If a massive cyberattack on infrastructure is 'uninsurable,' who will ultimately bear the catastrophic financial cost to society?

GhostLock (CVE-2026-43499): Critical Linux Kernel Vulnerability Enables 97% Reliable Root Exploits and Container Escapes

Overview

In July 2026, the cybersecurity community was alerted to GhostLock (CVE-2026-43499), a critical Linux kernel vulnerability publicly disclosed by Nebula Security. GhostLock is a use-after-free flaw in the kernel’s futex and rtmutex priority-inheritance code, where the kernel mistakenly accesses memory that has already been freed. This allows attackers to gain root access from user space, making it a powerful tool for privilege escalation and container escape. The vulnerability affects most Linux systems, requires no special privileges to exploit, and highlights the urgent need for rapid patching and continuous security monitoring.

...