Google Rewards Researchers $92k for 15-Year-Old Linux Vulnerability ‘GhostLock

www.news4hackers.com-google-rewards-researchers-92k-for-15-year-old-linux-vulnerability-ghostlock-google-rewards-researchers-92k-for-15-year-old-linux-vulnerability-ghostlock

15-Year-Old Linux Vulnerability GhostLock Earns Researchers $92k From Google Nebula Security has released technical details and exploit code targeting a Linux kernel flaw affecting all major distributions since 2011.

Overview of GhostLock Vulnerability

Designated as CVE-2026-43499 and named GhostLock, the vulnerability originated in the Linux 2.6.39 kernel version and remained unpatched for 15 years until a fix was implemented in April. The flaw arises from a helper function responsible for cleaning up tasks after they are terminated, which is part of the kernel’s mechanism for managing urgent processes. Under normal conditions, the cleanup function deallocates memory associated with the current task. However, the vulnerability allows an attacker to manipulate this process by triggering a deadlock scenario, causing the function to free memory that is later reused while a reference to it persists in another task. This occurs because the function incorrectly assumes the current task is the one requiring cleanup, but when a requeue operation is initiated, it erroneously processes a sleeping thread instead.

Exploit and Reward

Researchers demonstrated that the flaw enables unauthorized control over freed memory, leading to local privilege escalation to root access. They also showcased its exploitation in a container escape scenario within Google’s kernelCTF program, resulting in a $92,337 reward.

Related Vulnerabilities

  • Januscape
  • Bad Epoll
  • DirtyClone
  • CIFSwitch
  • DirtyDecrypt (also known as DirtyCBC)
  • Fragnesia
  • Dirty Frag

Implications and Challenges

GhostLock joins a recent wave of Linux kernel vulnerabilities disclosed publicly, including the above-mentioned flaws. The flaw highlights ongoing challenges in securing foundational operating system components, with implications for systems relying on Linux distributions for critical operations.



About Author

en_USEnglish