Security/ security · linux · kernel · vulnerability

Nebusec Claims 15-Year Linux Stack Bug Across All Distros

A security research firm says a stack use-after-free bug called GhostLock hides in every Linux distribution, but its age claim doesn't hold up.

Nebusec says it found a stack use-after-free bug named GhostLock hiding in every Linux distribution.

The security firm published the second entry in its "ionstack" research series Thursday, asserting GhostLock has existed and been exploitable across all Linux distros for 15 years. A stack use-after-free is a memory-corruption class where freed stack memory can be repurposed by an attacker - the typical result is privilege escalation or arbitrary code execution. The post had attracted very little external engagement at publication time.

Linux runs the majority of the world's servers, cloud infrastructure, and embedded systems, so a 15-year-old exploitable bug in every distribution would be a meaningful find. But the timeline strains credibility: Nebusec's own label "ionstack" points to io_uring, the async I/O subsystem that first landed in the Linux kernel in 2019 - about seven years ago, not fifteen. Either the vulnerability predates io_uring and the subsystem is one attack vector among others, or the 15-year figure is marketing math. Nebusec has not clarified which.

The Hacker News thread tied to the disclosure collected five points and a single comment. Treat this as a claim pending independent confirmation, not a confirmed vulnerability.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →