AI Finds 15-Year Linux Root Bug: GhostLock Explained

3h ago·0:00 listen·Source: WIRED

Summary

An AI-driven bug-hunting tool called VEGA has uncovered a significant root bug in the Linux kernel. This flaw, known as GhostLock, existed for 15 years and allows any logged-in user to gain root access on an unpatched machine. The bug, identified as CVE-2026-43499, is a use-after-free vulnerability that shipped by default in most mainstream Linux distributions since 2011. It requires no special permissions or network access. Nebula Security, which developed VEGA, has published exploit code for GhostLock. Their exploit escapes containers and was 97 percent reliable in testing, earning a payout of over $92,000 through Google’s kernelCTF program. The bug was fixed in April, but patch availability varies. For example, some Ubuntu versions were still listed as vulnerable or in progress as of early July. This discovery highlights the potential of AI in finding critical vulnerabilities in long-standing codebases.

Read the full article on WIRED

This is an AI-generated audio summary. Always check the original source for complete reporting.

Share
Keep Listening