Linux Kernel Vulnerability in rtmutex Component Affecting Multiple Versions
CVE-2026-43499
Key Information:
Badges
What is CVE-2026-43499?
CVE-2026-43499 is a vulnerability within the Linux kernel, specifically affecting the rtmutex component, which is responsible for managing real-time mutex locks. This vulnerability arises from improper handling of waiter tasks during the queue operation of real-time locks, where the function remove_waiter() uses the current task instead of the intended waiter task. As a result, this flaw can lead to several critical issues, including the mishandling of priority scheduling, potential memory corruption due to dangling pointers, and inconsistent state management for tasks. Such vulnerabilities can severely affect system stability and reliability, posing a risk for organizations that depend on Linux-based systems for essential operations.
Potential impact of CVE-2026-43499
-
Memory Corruption Risks: The vulnerability leads to dangling pointers which can result in use-after-free (UAF) vulnerabilities, potentially allowing unauthorized access to sensitive memory regions, and thereby increasing the attack surface for exploitation.
-
Priority Management Failures: The improper adjustment of task prioritization can result in a scenario where critical tasks do not execute as intended. This can significantly hinder system performance and responsiveness, especially within real-time applications that depend on timely execution.
-
Increased Attack Vector: The existence of this vulnerability allows threat actors to exploit weaknesses in task management, which could lead to further exploitation methods, including privilege escalation and denial of service, thereby compromising the overall security posture of affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Linux 8161239a8bcce9ad6b537c04a1fa3b5c68bae693
Linux 8161239a8bcce9ad6b537c04a1fa3b5c68bae693 < 8a1fc8d698ac5e5916e3082a0f74450d71f9611f
Linux 8161239a8bcce9ad6b537c04a1fa3b5c68bae693 < 6d52dfcb2a5db86e346cf51f8fcf2071b8085166
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
GhostLock's 15-Year Shadow: How One Kernel Flaw Powered a One-Click Android Root
Nebula Security's IonStack chains a Firefox JIT bug with GhostLock (CVE-2026-43499), a 15-year-old Linux kernel stack UAF, to root Android 17 with one click. The flaw affected every distribution until April 2026. Patching remains urgent as supply chain risks mount.
6 days ago
15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From Google
GhostLock (CVE-2026-43499) is a 15-year-old Linux kernel vulnerability that allows attackers to gain root privileges.
1 week ago
Public Exploit Turns 15-Year Linux Kernel Flaw Into 5-Second Root Attack
Linux kernel privilege escalation vulnerability GhostLock (CVE-2026-43499) has lurked undetected in every major distribution since 2011. A public exploit now lets any logged-in user gain full root in
1 week ago
References
CVSS V3.1
Timeline
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 📈
Vulnerability started trending
- 📰
First article discovered by The Hacker News
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved