SECURITYTHE HACKER NEWS
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
Researchers at Nebula Security disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw enabling any logged-in user to gain root control on unpatched systems. The vulnerability has existed in default code across most mainstream Linux distributions since 2011 and requires no special permissions or network access.
Related Signal
Adjacent reporting
- 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
- New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
- Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
- Linux kernel flaw opens root-only files to unprivileged users