15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From Google

Summary

Researchers have discovered a 15-year-old Linux kernel vulnerability, dubbed 'GhostLock', that allows attackers to gain root access to affected systems. This vulnerability has been present in major Linux distributions since 2011, and the researchers were awarded $92,000 by Google for their discovery.

IFF Assessment

FOE

The discovery of a long-standing, critical vulnerability that grants root access poses a significant threat to Linux systems, making it bad news for defenders.

Severity

9.8 Critical (AI Estimated)

This vulnerability allows for local privilege escalation to root, which is a critical impact. The attack vector is local, and the exploitability is high given its long presence and potential for widespread exploitation.

Defender Context

Defenders should be aware of this long-standing vulnerability and ensure their Linux systems are patched or mitigated. The existence of such old, critical flaws highlights the importance of continuous auditing and vulnerability management practices.

Read Full Story →