July 12, 2026

Linux’s 15-year ghost story

GhostLock, a stack-UAF that has existed in all Linux distributions for 15 years

Linux had a secret root bug for 15 years, and the comments went from yawns to panic fast

TLDR: Researchers found a Linux bug that sat unnoticed for 15 years and could let a regular user take over a system, which is why the fix matters now. In the comments, people bounced between shrugging it off as “local only,” freaking out over the timeline, and gawking once the Google payout and crashy demos showed up.

The big reveal here is pure horror-movie energy for Linux fans: a security flaw quietly lived inside the operating system for more than 15 years, and researchers say it could be used by an ordinary user to seize full control of a machine and even break out of containers. In plain English, this wasn’t some dusty edge case hidden behind weird settings — it was broad, old, and serious enough that Google paid $92,337 for the exploit. That one detail instantly snapped the crowd awake. One commenter went from confusion to attention in record time: “I’m all ears now.” Money talks, and apparently so does a five-figure bug bounty.

But the comments also split into classic internet factions. One camp reacted with full-body dread at the timeline — basically, wait, this thing has been lurking since 2011?! Another camp tried to downplay the fear by pointing out this is a local attack, meaning someone generally needs access to the device first. Translation: not “the internet can hack your toaster tonight,” but still very bad if an attacker gets a foot in the door. Then came the chaos gremlin energy: one commenter said they tested it on Android devices and managed to trigger boot loops, shutdowns, and even a wallpaper-changing demo on Pixels via a proof of concept. The mood swung wildly between “A what?” confusion, “get back to weekending” dismissal, and straight-up Daaaaamn disbelief. In other words: classic tech-thread drama, where half the room shrugs, half the room screams, and everyone suddenly cares when devices start acting haunted.

Key Points

  • GhostLock (CVE-2026-43499) is a Linux kernel stack use-after-free vulnerability that the article says affected every major Linux distribution from Linux 2.6.39 until its fix in Linux 7.1.
  • The writeup says an unprivileged local attacker can use the flaw to obtain a dangling kernel pointer to stack memory, write a pointer to an almost arbitrary address, and hijack control flow to gain root access.
  • The bug is attributed to remove_waiter() clearing current->pi_blocked_on on the proxy-lock path, even when current is the requeuer rather than the actual waiter task.
  • According to the article, the vulnerable path involves PI futex operations, specifically FUTEX_WAIT_REQUEUE_PI and FUTEX_CMP_REQUEUE_PI, with CONFIG_FUTEX_PI=y as the key requirement.
  • VEGA says it developed a 97% stable privilege-escalation and container-escape exploit for the flaw, and Google awarded $92,337 through kernelCTF.

Hottest takes

"A what?" — mixmastamyk
"I’m all ears now" — teleforce
"get back to weekending" — password4321
Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.