Linux Kernel Vulnerability in rtmutex Component Affecting Multiple Versions
CVE-2026-43499

7.8HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
21 May 2026

Badges

🔥 Trending now🥇 Trended No. 1📈 Trended📈 Score: 19,000👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2026-43499?

CVE-2026-43499 is a vulnerability within the Linux kernel, specifically affecting the rtmutex component, which is responsible for managing real-time mutex locks. This vulnerability arises from improper handling of waiter tasks during the queue operation of real-time locks, where the function remove_waiter() uses the current task instead of the intended waiter task. As a result, this flaw can lead to several critical issues, including the mishandling of priority scheduling, potential memory corruption due to dangling pointers, and inconsistent state management for tasks. Such vulnerabilities can severely affect system stability and reliability, posing a risk for organizations that depend on Linux-based systems for essential operations.

Potential impact of CVE-2026-43499

  1. Memory Corruption Risks: The vulnerability leads to dangling pointers which can result in use-after-free (UAF) vulnerabilities, potentially allowing unauthorized access to sensitive memory regions, and thereby increasing the attack surface for exploitation.

  2. Priority Management Failures: The improper adjustment of task prioritization can result in a scenario where critical tasks do not execute as intended. This can significantly hinder system performance and responsiveness, especially within real-time applications that depend on timely execution.

  3. Increased Attack Vector: The existence of this vulnerability allows threat actors to exploit weaknesses in task management, which could lead to further exploitation methods, including privilege escalation and denial of service, thereby compromising the overall security posture of affected systems.

Affected Version(s)

Linux 8161239a8bcce9ad6b537c04a1fa3b5c68bae693

Linux 8161239a8bcce9ad6b537c04a1fa3b5c68bae693 < 8a1fc8d698ac5e5916e3082a0f74450d71f9611f

Linux 8161239a8bcce9ad6b537c04a1fa3b5c68bae693 < 6d52dfcb2a5db86e346cf51f8fcf2071b8085166

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

GhostLock's 15-Year Shadow: How One Kernel Flaw Powered a One-Click Android Root

Nebula Security's IonStack chains a Firefox JIT bug with GhostLock (CVE-2026-43499), a 15-year-old Linux kernel stack UAF, to root Android 17 with one click. The flaw affected every distribution until April 2026. Patching remains urgent as supply chain risks mount.

6 days ago

15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From Google

GhostLock (CVE-2026-43499) is a 15-year-old Linux kernel vulnerability that allows attackers to gain root privileges.

1 week ago

Public Exploit Turns 15-Year Linux Kernel Flaw Into 5-Second Root Attack

Linux kernel privilege escalation vulnerability GhostLock (CVE-2026-43499) has lurked undetected in every major distribution since 2011. A public exploit now lets any logged-in user gain full root in

1 week ago

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🥇

    Vulnerability reached the number 1 worldwide trending spot

  • 📈

    Vulnerability started trending

  • 📰

    First article discovered by The Hacker News

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.