GhostLock Linux Kernel Flaw Enables Root Access and Container Escape
Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a high-severity Linux kernel vulnerability that has existed since 2011 and allows local users to gain root privileges and escape containers on most major Linux distributions. The flaw stems from a use-after-free condition in the kernel’s real-time mutex handling and was weaponized into a proof-of-concept exploit with a reported 97% success rate, while also forming part of a broader exploit chain targeting Firefox on Android. Although no active exploitation has been observed, public release of the exploit code significantly increases the risk, making prompt kernel updates essential. Researchers advise organizations to deploy the latest patched kernel versions, as early fixes were followed by additional corrections, and to prioritize updates for shared, cloud, containerized, and multi-tenant environments.
Reference: nvd.nist.gov, thehackernews.com