Researchers have disclosed GhostLock (CVE-2026-43499), a Linux kernel local privilege escalation vulnerability in the rtmutex subsystem that reportedly dates back to 2011. The flaw stems from a use-after-free condition caused by a dangling pointer during proxy-lock rollback and can be leveraged for root privilege escalation and container escape on vulnerable systems.
GhostLock (CVE-2026-43499): 15-year-old Linux kernel flaw enables root and container escape
Submitted 3 days ago by UnLocoPoco@lemmy.world to cybersecurity@infosec.pub
https://thecybersecguru.com/news/ghostlock-cve-2026-43499-linux-kernel-0day/
poinck@lemmy.world 2 days ago
Already solved in linux-6.12.86-1 (debian stable)
security-tracker.debian.org/…/CVE-2026-43499