A new Linux kernel local-privilege-escalation flaw has been disclosed, and we are shipping patched kernels for it. GhostLock (CVE-2026-43499) is a use-after-free in the kernel’s real-time mutex (rtmutex) priority-inheritance code. An unprivileged local user can exploit it to gain root, and it works from inside a container to escape to the host. No special capabilities are required. Every supported AlmaLinux release (8, 9, and 10) is affected. Patched kernels are available in the testing repository today, and we would like your help verifying them before we push them to production.
pull down to refresh