Nebula Security published technical details and exploit code for CVE-2026-43499, also known as GhostLock, a Linux kernel use-after-free flaw that has affected major distributions since 2011. The company showed that the bug can enable local root privilege escalation and even container escape in Google’s kernelCTF program, earning a $92,337 bounty. #CVE-2026-43499 #GhostLock #NebulaSecurity #kernelCTF
Keypoints
- GhostLock is a Linux kernel use-after-free vulnerability tracked as CVE-2026-43499.
- The flaw was introduced in Linux 2.6.39 and remained undiscovered for 15 years.
- The issue affects major Linux distributions and was patched in April.
- Nebula Security demonstrated local privilege escalation to root using the vulnerability.
- The bug was also shown to enable container escape in Google’s kernelCTF program.