Lemdro.id
  • Communities
  • Create Post
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
schnurrito@discuss.tchncs.de to @linux on Linux.Community@linux.communityEnglish · 2 days ago

GhostLock: 15-Year-Old Linux Kernel Flaw Gives Any Local User Root in 5 Seconds

threat-intelligence.redeyesecurity.com

external-link
message-square
2
link
fedilink
  • cross-posted to:
  • linux@lemmy.world
  • linux@discuss.tchncs.de
  • cybersecurity@sh.itjust.works
  • secops@lemmy.world
  • cybersecurity@infosec.pub
10
external-link

GhostLock: 15-Year-Old Linux Kernel Flaw Gives Any Local User Root in 5 Seconds

threat-intelligence.redeyesecurity.com

schnurrito@discuss.tchncs.de to @linux on Linux.Community@linux.communityEnglish · 2 days ago
message-square
2
link
fedilink
  • cross-posted to:
  • linux@lemmy.world
  • linux@discuss.tchncs.de
  • cybersecurity@sh.itjust.works
  • secops@lemmy.world
  • cybersecurity@infosec.pub
GhostLock: 15-Year-Old Linux Kernel Flaw Gives Any Local User Root in 5 Seconds | RedEye Security
threat-intelligence.redeyesecurity.com
external-link
GhostLock (CVE-2026-43499) is a use-after-free in Linux futex priority-inheritance code that has shipped by default in nearly every distro since 2011. Nebula Security's public exploit turns any logged-in user into root with 97% reliability and escapes containers. Patching is the only real fix.
alert-triangle
You must log in or register to comment.
  • Successful_Try543@feddit.org
    link
    fedilink
    English
    arrow-up
    3
    ·
    2 days ago

    Debian Bullseye is vulnerable, Bookworm has it fixed in the security updates (kernel 6.1.176-1), Trixie is safe for both, regular and security updates (kernel 6.12.86-1 and 6.12.95-1).

    https://security-tracker.debian.org/tracker/CVE-2026-43499

    • lambalicious@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 days ago

      trixie - 6.12

      That sucks, but not much (all “local account required” vulns are like that). I need to stay on 6.8 both for proper PM support for hibernation and because of the Nvidia drivers.

@linux on Linux.Community@linux.community

linux@linux.community

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !linux@linux.community

Rules

This is an on-topic community. All content must adhere to our CODE OF CONDUCT.

Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 6 users / day
  • 12 users / week
  • 81 users / month
  • 112 users / 6 months
  • 3 local subscribers
  • 794 subscribers
  • 38 Posts
  • 58 Comments
  • Modlog
  • mods:
  • nkukard@linux.community
  • UI: 0.19.11
  • BE: 0.19.12
  • Modlog
  • Legal
  • Instances
  • Docs
  • Code
  • join-lemmy.org