IonStack part II: GhostLock, a stack-UAF that has existed in ALL Linux distributions for 15 years

Vulnerability Summary

GhostLock (CVE-2026-43499) lets an unprivileged local attacker:

Get a dangling kernel pointer to kernel stack memory with only regular threading syscalls. 
Write a pointer to an almost arbitrary address.
Hijack a function table to get control flow hijack and eventually get root access.

I don’t worry about threats that have to gain physical access, but understand they coudl be critical to others where there are multiple users or on a network.

2 Likes