15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros

Summary

Researchers have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that allows any logged-in user to gain root control of unpatched systems. This vulnerability has been present in most mainstream Linux distributions since 2011 and requires no special permissions or network access to exploit.

IFF Assessment

FOE

This vulnerability allows for a privilege escalation attack, giving an attacker full control of a system, which is detrimental to defenders.

Severity

7.8 High

The CVSS score is estimated as high due to the potential for complete system compromise (root access) and the wide availability of the vulnerable code across numerous Linux distributions, coupled with the low complexity of exploitation.

Defender Context

This critical vulnerability, present for 15 years, allows for privilege escalation to root on unpatched Linux systems. Defenders must prioritize patching or mitigating this flaw across their Linux infrastructure to prevent widespread compromise.

Read Full Story →