CVE-2026-43499
rtmutex: Use waiter::task instead of current in remove_waiter()
Description
In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from futex_requeue(). In the latter case waiter::task is not current, but remove_waiter() operates on current for the dequeue operation. That results in several problems: 1) the rbtree dequeue happens without waiter::task::pi_lock being held 2) the waiter task's pi_blocked_on state is not cleared, which leaves a dangling pointer primed for UAF around. 3) rt_mutex_adjust_prio_chain() operates on the wrong top priority waiter task Use waiter::task instead of current in all related operations in remove_waiter() to cure those problems. [ tglx: Fixup rt_mutex_adjust_prio_chain(), add a comment and amend the changelog ]
In plain language
AI Worth attentionThis Linux kernel bug can let a local attacker crash the system (and possibly gain higher privileges) by triggering a mistake in real-time mutex cleanup; small businesses should patch because it’s a high-impact local issue, but there’s no clear evidence of real-world attacks.
CVE-2026-43499 is a Linux kernel real-time mutex (rtmutex) flaw where remove_waiter() uses the wrong task context (“current” instead of the waiter task), which can cause use-after-free conditions and incorrect priority/PI state handling; it requires low-effort local access.
What to do now
- Check your Linux kernel version (e.g., run
uname -r). - Compare it against the fixed kernel versions listed below and confirm whether your version includes the fix.
- Update your Linux kernel to include the fix (choose the matching line from the list of fixed versions for your distribution’s kernel branch).
- Reboot after applying the kernel update so the new kernel is actually running.
- If you cannot patch immediately, reduce local access to the affected machines (tighten who can log in) until the kernel is upgraded.
CVSS Vector Breakdown
AV:LAttack VectorAC:LAttack ComplexityPR:LPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
- Уязвимость GhostLock существует с 2011 года и затрагивает основные дистрибутивы Linuxru-ru·Хакер (xakep.ru)·
- ⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and Moreen·The Hacker News·
- 15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From Googleen-us·SecurityWeek· Summary only·
- 15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distrosen·The Hacker News·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-43499 and every CVE in our database. Create a free account — no credit card required.
Create Free Account