Nebula Security has published technical information and exploit code targeting a Linux kernel vulnerability that affects all major distributions since 2011.
Tracked as CVE-2026-43499 and referred to as GhostLock, the security defect was introduced in Linux 2.6.39 and lurked in the kernel for 15 years until a patch was rolled out in April.
GhostLock is a use-after-free issue introduced with a helper function designed to clean up after a task has been closed, as part of the kernel’s system of prioritizing urgent tasks.
Normally, the cleanup function would clear the current task. Due to the security defect, when a deadlock is encountered and a rollback occurs, the function clears the memory and reuses it while a pointer to it exists in another task.
The issue exists because the function assumes that the current task is the one that needs to be cleared up. However, when a requeue is requested, the function cleans up on behalf of a sleeping thread instead of the current one.







