Cookie Consent by Free Privacy Policy Generator

GhostLock: 15-year-old Linux kernel flaw enables root access

Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old vulnerability in the Linux kernel that allows any logged-in user to escalate privileges to root and escape container environments. The Hacker News reports that the flaw has been present in the kernel since 2011 and affects essentially every mainstream Linux distribution that has not applied recent patches. The vulnerability requires no special permissions, no unusual system configuration and no network access, making it straightforward to exploit once an attacker has any level of user access to a vulnerable system. The flaw represents a significant risk for organisations running Linux servers, containers, cloud workloads or embedded systems, particularly where patching cycles are slow or where legacy systems remain in production.

Why this matters for UK organisations

For UK businesses, this is a reminder that vulnerabilities in foundational infrastructure components can remain undetected for years, and that privilege escalation flaws are particularly dangerous in environments where user access is assumed to be low-risk. The operational impact is clear: any system running an unpatched Linux kernel is at risk of full compromise if an attacker gains even limited user access, whether through phishing, supply chain compromise, insider activity or exploitation of another vulnerability. Container environments are particularly exposed, as the flaw enables escape from containerised workloads into the host system, undermining the isolation that containers are designed to provide. This is especially concerning for organisations running multi-tenant environments, cloud platforms or containerised applications where workload isolation is a critical security control. The age of the vulnerability also highlights the importance of maintaining visibility into legacy systems and ensuring that patching processes cover all Linux-based infrastructure, not just high-profile servers.

What to review

Review Linux patching processes, particularly for systems that may not be covered by standard update cycles, such as embedded devices, appliances, container hosts or cloud instances managed outside central IT. Ensure there is visibility into which Linux distributions and kernel versions are in use across the organisation, and that patching is prioritised for systems with user access or internet exposure. Consider whether container platforms are running on patched host systems, and whether there is monitoring in place to detect unusual privilege escalation or container escape activity. This is also a prompt to review whether legacy Linux systems are still in production, and whether there is a plan to decommission or isolate systems that cannot be patched. Organisations should ensure that patching responsibility is clearly assigned, and that there is a process for identifying and addressing systems that fall outside standard IT management processes.

Source: The Hacker News

News and blog posts
The NCSC has announced Cyber Shield, a new initiative aimed at developing a...
Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a...
SecurityWeek reports that a critical vulnerability in Gitea, a widely used...
Infosecurity Magazine reports that a suspected Chinese threat group is...