A Decade and a Half Undetected
Researchers at Nebula Security published details of the vulnerability on Tuesday, revealing that it resides in the kernel’s real-time mutex (rtmutex) subsystem. The bug stems from a stack-based use-after-free condition triggered when the `remove_waiter()` function improperly references the `current` task pointer instead of `waiter::task`. The fix, merged into the mainline kernel in May, corrects this behavior by substituting the proper reference. gbhackers.com linux.oracle.com nvd.nist.gov
The flaw requires no special permissions, no unusual system configuration, and no network access — only local user-level login to a vulnerable machine. Its reach extends to servers, cloud workloads, embedded systems, and critically, containerized environments where it can defeat the isolation boundaries that containers are designed to enforce. secarma.com ground.news
Patch Complications
While no exploitation in the wild has been reported, Nebula Security’s release of functional exploit code has intensified urgency for administrators. Complicating matters, an early patch for GhostLock introduced a secondary crash bug, now tracked as CVE-2026-53166. That flaw, found in the kernel’s futex requeue mechanism, causes a NULL pointer dereference when a non-top waiter attempts to requeue a priority inheritance futex — crashing the kernel outright. A fix for CVE-2026-53166 was published in late June, and Red Hat issued its advisory on June 25. ground.news x.com access.redhat.com nvd.nist.gov
What Administrators Should Do
Organizations are advised to update to the latest patched kernel from their distribution vendor, verifying that the update addresses both CVE-2026-43499 and CVE-2026-53166. Systems running containerized workloads deserve particular attention, as do legacy machines and appliances that may fall outside standard patch cycles. Monitoring for unusual privilege escalation activity is recommended as an interim measure for environments where immediate patching is not feasible. access.redhat.com secarma.com