AI Uncovers 15-Year-Old Root Vulnerability in Linux Kernel
GhostLock (CVE-2026-43499): AI tool VEGA found a 15-year-old use-after-free root exploit in Linux kernel futex code. What engineers need to patch now.
Nebula Security's AI platform VEGA uncovered GhostLock, a use-after-free vulnerability in the Linux kernel's futex subsystem that has existed since kernel 2.6.39 shipped in 2011. Tracked as CVE-2026-43499, the flaw lets an unprivileged local user gain root in about five seconds with a 97% success rate.
Because futexes underpin glibc, threading runtimes, and container engines, the bug isn't a corner case — it's a direct path from container compromise to host root, putting shared hosts, CI runners, and multi-tenant environments squarely in scope.
That fifteen years of human review missed this pattern, while an AI-driven scan caught it, signals a structural shift: lifetime-tracking bugs like use-after-free are exactly the kind of faint, sustained-attention task where learned models now outperform manual review at kernel scale.
Practical guidance follows the finding: check your running kernel version, apply the vendor patch for CVE-2026-43499, disable unprivileged user namespace cloning on hosts that can't reboot immediately, and audit privilege-escalation binaries until the fleet is fully patched.