www.securityweek.com 7/9/2026, 12:21:00 PM · external

GhostLock Lets Attackers Break Out of Containers, Gain Root

GhostLock Lets Attackers Break Out of Containers, Gain Root
CyberSIXT Evidence Panel
Primary Source nebusec.ai
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

NEBULA Security identified and exploited a Linux kernel vulnerability tracked as CVE-2026-43499, named GhostLock, affecting all major Linux distributions since 2011. This use-after-free vulnerability, stemming from a cleanup function in the kernel, allows an attacker to gain local privilege escalation to root by controlling freed memory. It was particularly notable for enabling a container escape in Google’s kernelCTF project, leading to a $92,337 bug bounty. GhostLock is part of a series of recent Linux kernel vulnerabilities, including Januscape and Bad Epoll.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline