AI Tool Uncovers 15-Year-Old Linux Kernel Root Exploit Affecting Most Distros
Nebula Security's AI platform VEGA has discovered GhostLock, a use-after-free vulnerability in the Linux kernel's futex subsystem that has existed since kernel version 2.6.39 was released in 2011. Tracked as CVE-2026-43499, the flaw allows an unprivileged local user to gain full root access in approximately five seconds, with a reported 97% success rate on vulnerable systems. The bug requires no special kernel configuration, meaning standard installations across most Linux distributions are affected. Because futexes underpin threading in glibc, container runtimes, and language virtual machines, the vulnerability has broad reach — and researchers warn it can also be used to escape containers and compromise the underlying host. The discovery highlights a growing capability of AI-assisted code review to surface critical security flaws that years of manual auditing had missed.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in