{"id":287507,"date":"2026-07-09T06:46:00","date_gmt":"2026-07-09T10:46:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/09\/cyber-researchers-sound-alarm-over-a-15-year-old-linux-kernel-flaw-ghostlock-could-let-hackers-seize-unpatched-machines-in-just-five-seconds\/"},"modified":"2026-07-09T07:10:06","modified_gmt":"2026-07-09T11:10:06","slug":"cyber-researchers-sound-alarm-over-a-15-year-old-linux-kernel-flaw-ghostlock-could-let-hackers-seize-unpatched-machines-in-just-five-seconds","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/09\/cyber-researchers-sound-alarm-over-a-15-year-old-linux-kernel-flaw-ghostlock-could-let-hackers-seize-unpatched-machines-in-just-five-seconds\/","title":{"rendered":"Cyber researchers sound alarm over a 15-year-old Linux kernel flaw \u2013 &#8216;GhostLock&#8217; could let hackers seize unpatched machines in just five seconds"},"content":{"rendered":"<p><a href=\"https:\/\/www.itpro.com\/software\/linux\/cyber-researchers-sound-alarm-over-a-15-year-old-linux-kernel-flaw-ghostlock-could-let-hackers-seize-unpatched-machines-in-just-five-seconds\">Cyber researchers sound alarm over a 15-year-old Linux kernel flaw \u2013 &#8216;GhostLock&#8217; could let hackers seize unpatched machines in just five seconds<\/a><\/p>\n<p><a href=\"https:\/\/www.itpro.com\/software\/linux\/cyber-researchers-sound-alarm-over-a-15-year-old-linux-kernel-flaw-ghostlock-could-let-hackers-seize-unpatched-machines-in-just-five-seconds\">https:\/\/www.itpro.com\/software\/linux\/cyber-researchers-sound-alarm-over-a-15-year-old-linux-kernel-flaw-ghostlock-could-let-hackers-seize-unpatched-machines-in-just-five-seconds<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-09 06:46:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.itpro.com\">www.itpro.com<\/a><\/p>\n<p id=\"elk-3a92213e-7b83-11f1-8b45-1b3bcdbdf19c\">Researchers at Nebula Security have discovered a Linux kernel flaw dating back to 2011 that lets any logged-in user take full root control of an unpatched machine in just five seconds.<\/p>\n<p id=\"elk-3a922274-7b83-11f1-ae07-d9d989caa563\">Dubbed GhostLock (CVE-2026-43499), it was introduced in Linux 2.6.39 and fixed in Linux 7.1.<\/p>\n<p id=\"elk-3a9222e2-7b83-11f1-8388-1543861ed9b5-0\">The flaw allows an unprivileged local attacker to get a dangling kernel pointer to kernel stack memory with only regular threading syscalls, write a pointer to an arbitrary address, and hijack a function table to get root access.<\/p>\n<p id=\"elk-3a922350-7b83-11f1-b33b-f14ca292b07a\">GhostLock has been shipped by default in every mainstream distribution since 2011, and requires no special privileges or network access. Nebula, which uncovered the flaw, said its exploit is reportedly 97% reliable and can also escape containers.<\/p>\n<p><span class=\"inline-flex items-center gap-1.5 text-sm font-article-heading capitalize leading-5 text-white whitespace-nowrap\"><span class=\"jwp-carousel-title-mobile\"\/><span class=\"jwp-carousel-title-desktop\">Latest Videos From<\/span><span class=\"jwp-carousel-brand inline-flex items-center\" aria-hidden=\"true\"><\/span><\/span><img decoding=\"async\" loading=\"lazy\" data-new-v2-image=\"true\" src=\"https:\/\/cdn.mos.cms.futurecdn.net\/flexiimages\/ljulvzzkkf1783326866.svg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/flexiimages\/ljulvzzkkf1783326866.svg\" class=\"rounded-[var(--image--border-radius,0)] max-h-12 w-auto\"\/><\/p>\n<p id=\"elk-3a9223be-7b83-11f1-8f5b-bbfb033019c8\">This particular flaw is the second part of an attack chain dubbed IonStack, with the first step being CVE-2026-10702, a vulnerability in Firefox that allows code execution within the browser and escapes its sandbox.<\/p>\n<p id=\"elk-3a922422-7b83-11f1-8b01-49429550f3c5\">The vulnerability is rated high (7.8) as the attacker would already need to have local access to the system.<\/p>\n<h2 id=\"how-the-ghostlock-flaw-works-3\">How the GhostLock flaw works<\/h2>\n<p id=\"elk-3a9224fe-7b83-11f1-89c9-f31776fba853\">Nebula researchers said the root cause is a function reused by a caller it was never written for: the helper function remove_waiter(). During certain futex operations, it incorrectly clears a pointer associated with the currently executing task, rather than the actual waiting task.<\/p>\n<p class=\"newsletter-form__strapline\">Sign up today and you will receive a free copy of our Future Focus 2026 report &#8211; the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.<\/p>\n<p id=\"elk-3a922562-7b83-11f1-93cd-8dd2cd9e8731\">This leaves the kernel with a dangling pointer that points to a memory location that has already been freed and reused. This allowed the Nebula team to gain full control, tricking the kernel into running their own code as the root user.<\/p>\n<p id=\"elk-3a9225c6-7b83-11f1-a1a1-cb5be930bcd9\">Daniel Bechenea, security manager at Pentest Tools, said the flaw is of particular concern because kernel exploits have historically carried a \u201creal operational&#8230;<\/p>\n<p><a href=\"https:\/\/www.itpro.com\/software\/linux\/cyber-researchers-sound-alarm-over-a-15-year-old-linux-kernel-flaw-ghostlock-could-let-hackers-seize-unpatched-machines-in-just-five-seconds\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cyber researchers sound alarm over a 15-year-old Linux kernel flaw \u2013 &#8216;GhostLock&#8217; could let hackers&#8230;<\/p>\n","protected":false},"author":1,"featured_media":287508,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.mos.cms.futurecdn.net\/erynALx5P4m9bG3NhzqxUN-1920-80.jpg","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,31,89,71,57,27],"class_list":["post-287507","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-exploit","tag-flaw","tag-linux","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287507"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=287507"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287507\/revisions"}],"predecessor-version":[{"id":287509,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287507\/revisions\/287509"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/287508"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=287507"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=287507"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=287507"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}