Artificial intelligence-based code analysis tool VEGA has uncovered a critical security flaw in the Linux kernel that has not been discovered for about 15 years. The flaw, dubbed GhostLock (CVE-2026-43499), allowed a regular user to gain root privileges and take full control of the system.
The flaw has reportedly been present in the Linux kernel code since 2011 and affects most popular distributions. All it takes to attack is a regular user account. Nebula Security said that the exploit worked successfully in about 97% of cases during testing and allowed an attacker to exit the container environment.
GhostLock is based on a use-after-free memory management error. This type of vulnerability occurs when a program accesses memory that has already been freed and can allow attackers to run their code with elevated privileges.
The flaw was discovered during automatic code analysis using Nebula Security's artificial intelligence tool VEGA. The team won a $92,337 bounty from Google's kernelCTF program for this discovery.
Although the security update was released in April of this year, experts recommend that all Linux system administrators check that the appropriate security packages are installed on the distribution they use.
