Linux Kernel Flaws: GhostLock, BadEpoll, Januscape Exposed

An alarming vulnerability known as GhostLock has been disclosed in the Linux kernel, allowing an unprivileged local user to obtain root privileges and escape isolated containers. This flaw, identified as CVE-2026-43499, poses a serious threat as it can enable remote code execution with root privileges through a specially crafted web page when combined with other browser vulnerabilities. The issue dates back to Linux kernel version 2.6.39, which was released in 2011.

Reportedly, this vulnerability affects all Linux distributions released in the past 15 years. A successful exploit has been developed, earning its creators a reward of $92,337 from Google. This exploit, with a success rate of 97%, was executed in an environment with a KernelCTF kernel that includes additional patches to thwart common exploit techniques. The vulnerability was uncovered using the AI toolkit VEGA.

A patch addressing this critical security issue was accepted into the kernel codebase on April 21. The fix has been integrated into kernel version 7.1.0 and subsequent releases, including versions 6.18.36, 6.12.95, 6.6.144, and 6.1.177. Users are advised to update their systems promptly to safeguard against potential exploits. The status of the vulnerability in various distributions can be checked on platforms like Debian, Ubuntu, SUSE/openSUSE, RHEL, AlmaLinux, Gentoo, Arch, and Fedora.

Unfortunately, there are no workarounds available to mitigate the impact of this vulnerability, which stems from the implementation of locks in the futex system call. Users are urged to apply the necessary patches and updates to protect their systems from potential security breaches.

/Reports, release notes, official announcements.