DigiNews

Tech Watch by Johan Denoyer

← Back to articles

IonStack part II: GhostLock, a stack-UAF that has existed in ALL Linux distributions for 15 years

Quality: 9/10 Relevance: 9/10

Summary

Nebula Security's IonStack Part II analyzes GhostLock (CVE-2026-43499), a stack-use-after-free vulnerability in the Linux kernel that has been present across major distributions for about 15 years. The write-up explains the root cause in the rtmutex handling when used via the proxy path, outlines how a local attacker could leverage a UAF window for privilege escalation, and discusses the exploitation chain concept (including KASLR leakage and CPU entry area techniques) and mitigations. It also covers patch timelines and disclosure details.

🚀 Service construit par Johan Denoyer