Security · 2h ago
15-Year-Old Linux Kernel Flaw GhostLock Grants Root to Any User
Researchers disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel vulnerability that allows any logged-in user to gain full root control. The flaw has shipped by default in all major Linux distributions since 2011, requiring no special permissions or network access. Patches are urgently needed to prevent widespread exploitation.
Meridian48 take
The severity of GhostLock is amplified by its age and ubiquity, but the lack of network requirement limits remote attack vectors, making local access the primary threat.
Read the full reporting
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros →
The Hacker News
linux-kernelprivilege-escalation