Critical Linux kernel vulnerability CVE-2026-43499 (GhostLock)
How to check a server and fix a vulnerability in the Linux kernel.
CVE-2026-43499 (GhostLock) is a critical Linux kernel privilege escalation vulnerability affecting the RT Mutex (rtmutex) subsystem. The flaw, caused by a Use-After-Free (UAF) vulnerability, existed in vulnerable Linux kernel versions for many years and could allow a local unprivileged user to gain root privileges. In certain scenarios, it could also be exploited to escape from a container.
Why is this vulnerability dangerous?
If successfully exploited, an attacker may:
- gain root privileges;
- execute arbitrary code in kernel mode;
- break container isolation;
- fully compromise the affected system.
Exploitation requires only local access to the system using a regular user account.
Affected systems
The vulnerability affects vulnerable Linux kernel versions and may be present in various Linux distributions until the relevant security updates have been installed, including:
- Ubuntu;
- Debian;
- Rocky Linux;
- AlmaLinux;
- Fedora.
How to check your kernel version
Run the following command to determine the currently running kernel version:
uname -r
Then verify that your distribution has installed a kernel package containing the fix for CVE-2026-43499.
How to mitigate the vulnerability
Install the latest security updates, including the updated Linux kernel.
Ubuntu / Debian
sudo apt update
sudo apt upgrade
Rocky Linux / AlmaLinux / RHEL
sudo dnf update
or, on older versions:
sudo yum update
After installing the updated kernel, reboot the server:
sudo reboot
Ensure the system is running the updated kernel.
After the reboot, check the running kernel version again:
uname -r
The reported version should correspond to the updated kernel.
"Important"
The kernel version number alone does not always indicate whether the vulnerability has been fixed. Many Linux distributions (such as Ubuntu, Debian, RHEL, AlmaLinux, and Rocky Linux) backport security fixes to existing kernel versions without changing the main kernel version number.
"Warning"
If a security update containing the fix for CVE-2026-43499 is available for your Linux distribution, it is strongly recommended to install it as soon as possible and reboot the system to load the updated kernel.
Aide
Une question ou besoin d'un coup de main ? Écrivez-nous via le système de tickets — nous sommes toujours là pour vous aider !