News
AI Agent VEGA Finds GhostLock, a Linux Flaw Hidden for 15 Years
Nebula Security's VEGA security agent discovered GhostLock, a Linux kernel flaw present since 2011 in nearly all distributions. Google awarded $92,337 for the discovery, and a publicly available exploit succeeds in 97 percent of attempts.
Contents
A flaw in the Linux kernel sat unnoticed for fifteen years before it was found, not by a team of human researchers, but by an autonomous AI agent. VEGA, a tool built by Nebula Security, identified the bug tracked as CVE-2026-43499 and named GhostLock, which lets any logged-in user gain full root privileges on an unpatched machine.
What the VEGA Agent Found
GhostLock is a use-after-free bug in the kernel's lock-cleanup mechanism, specifically in the remove_waiter helper function. That function was written on the assumption that a thread always cleans up after itself when it blocks on its own resource. The Requeue-PI mechanism broke that assumption by having the function clean up on behalf of a different, sleeping thread.
When rt_mutex_start_proxy_lock returns an EDEADLK error and triggers a rollback through remove_waiter, the function clears the pi_blocked_on pointer belonging to the current task instead of the thread that was actually waiting. This creates a textbook use-after-free, enough to build a full privilege-escalation chain from an ordinary account all the way to root.
Scale and Effectiveness of the Attack
Nebula Security built a full, working exploit on top of GhostLock. It leverages an address leak via a timing attack on ASLR, reuse of freed stack memory through PR_SET_MM_MAP, a controlled write via the rtmutex's rb-tree, hijacking of a function table through inet6_protos, and a final privilege escalation by manipulating the /proc/sys/kernel/core_pattern file.
The entire chain runs in about five seconds and, according to Nebula Security's tests, succeeds in 97 percent of attempts. The exploit also allows an escape from containers, making it especially dangerous in cloud and multi-tenant environments, where containers are meant to keep individual customers isolated from each other.
An exploit that Nebula claims is 97 percent effective, with publicly available code that anyone can run, changes that calculus - Daniel Bechenea, security manager, Pentest Tools
Containerized workloads that teams treat as isolated become a springboard for taking over the host - Daniel Bechenea, Pentest Tools
Fifteen Years Hidden
The bug was introduced in Linux 2.6.39 in 2011 and remained present in every major distribution until the fix shipped in April 2026 alongside kernel 7.1. That means for fifteen years, the function handling a rare deadlock case in the Requeue-PI mechanism cleared the wrong pointer without any visible consequences for kernel developers or security teams.
The first patch released in April also introduced a separate bug causing system crashes, tracked as CVE-2026-53166, so administrators need to install current kernel versions rather than just the earliest available patch. As of July, some popular long-term-support distributions still had only partial fixes applied.
AI as a Security Research Tool
Nebula Security describes its mission as delivering AI-driven research and tools that find vulnerabilities before attackers do. VEGA is one of several autonomous agents the company runs, and according to its own catalog it is already credited with 885 reported and confirmed bugs, including a previous serious flaw in the V8 engine that led to remote code execution in Chrome.
The GhostLock discovery fits a broader trend in which tech companies are testing AI agents to analyze source code at a scale no human team can match, capable of scanning millions of lines of kernel code in hours instead of weeks. Critics note, though, that the growing volume of AI-assisted reports is adding to the workload of kernel maintainers, who must sift low-quality submissions from real threats - though GhostLock shows that once a working exploit is built, such discoveries carry real value, as confirmed by Google's bounty.
What It Means for Administrators
For companies and Linux system administrators in Poland, the key step is checking whether their servers and containers are running a kernel version with the April fix or newer, not just the earliest available patch, since that one contained an additional bug that caused crashes. This applies both to physical servers and to multi-tenant container-based environments, where the flaw also allows an escape from isolation.
Because an exploit using GhostLock is already publicly available, and its success rate reaches 97 percent, the risk of attackers with local access exploiting the bug in practice grows with every day an update is delayed. Installing the patched kernel remains the only practical protection against the GhostLock threat.
Sources: gHacks Tech News (ghacks.net), The Hacker News (thehackernews.com), SecurityWeek (securityweek.com), Nebula Security (nebusec.ai), IT Pro (itpro.com)


