July 10, 2026
Root cause? Root chaos
GhostLock, a stack-UAF that has existed in ALL Linux distributions for 15 years
A 15-year Linux flaw had commenters yawning, gasping, and waving cash emojis
TLDR: Researchers found a Linux security bug that quietly affected major distributions for 15 years and could let an ordinary user take over a system. Commenters swung between "wow," "so what," and "wait, Google paid how much?" — making the cash reward almost as attention-grabbing as the flaw itself.
The big shocker here is simple: researchers say every major Linux version has carried the same hidden security flaw since 2011, and they turned it into a near-reliable way to grab full control of a machine. In plain English, this was a bug that let a normal user potentially become the all-powerful admin, and even break out of locked-down app containers. That alone is wild. But the comments? Pure internet theater. One person instantly showed up with the classic forum power move — "dupe" — basically declaring the whole thing old news before the panic could even warm up.
Then came the split-screen reaction. Some readers were stunned by the age of the bug, with one dropping a dramatic "Daaaaamn" at the line saying it lived in Linux for 15 years. Others were hilariously unimpressed. One commenter basically said the headline forgot to mention this needs local access first, so everyone can relax and "get back to weekending." Translation: yes, it’s serious, but maybe not cancel-your-brunch serious. And then there was the most relatable reaction of all: "A what?" — the exact mood of anyone hit with a wall of kernel jargon before coffee.
But the real attention magnet was the money. The second people saw Google paid $92,337, the thread’s energy changed from sleepy confusion to full-body interest. Suddenly, the exploit details mattered a lot more. In classic comment-section fashion, the community managed to turn a deep Linux security post into a mix of shrugging, panic, nerd flexing, and payday envy.
Key Points
- •GhostLock (CVE-2026-43499) is a Linux kernel stack use-after-free vulnerability that the article says existed from Linux 2.6.39 to Linux 7.1, affecting major distributions for more than 15 years.
- •The writeup states that no special privileges or user namespaces are required, with CONFIG_FUTEX_PI=y as the main requirement for exposure.
- •According to the article, the bug can be exploited by an unprivileged local attacker to gain a dangling kernel stack pointer, perform an almost arbitrary pointer write, and achieve root access and container escape.
- •The technical root cause described is that remove_waiter() clears current->pi_blocked_on on a proxy locking path where current is the requeuer rather than the actual waiter task.
- •The article says Google awarded $92,337 through kernelCTF for turning the bug into a 97% stable privilege escalation and container escape exploit.