15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From Google

15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers k From Google
Nebula Security published technical details and exploit code for CVE-2026-43499, also known as GhostLock, a Linux kernel use-after-free flaw that has affected major distributions since 2011. The company showed that the bug can enable local root privilege escalation and even container escape in Google’s kernelCTF program, earning a $92,337 bounty. #CVE-2026-43499 #GhostLock #NebulaSecurity #kernelCTF

Keypoints

  • GhostLock is a Linux kernel use-after-free vulnerability tracked as CVE-2026-43499.
  • The flaw was introduced in Linux 2.6.39 and remained undiscovered for 15 years.
  • The issue affects major Linux distributions and was patched in April.
  • Nebula Security demonstrated local privilege escalation to root using the vulnerability.
  • The bug was also shown to enable container escape in Google’s kernelCTF program.

Read More: https://www.securityweek.com/15-year-old-linux-vulnerability-ghostlock-earns-researchers-92k-from-google/