GhostLock, a stack-UAF that has existed in all Linux distributions for 15 years
260 points
4 days ago
| 14 comments
| nebusec.ai
| HN
UAF = Use After Free (https://en.wikipedia.org/wiki/Dangling_pointer)
goodburb
2 days ago
[-]
Tested on three Android devices (version 9, 13, 16) with different Firefox versions under 150 (had to modify for older).

Two boot looped, I had to enter recovery and the other just powered off [0].

The demo modifies the wallpaper on supported Pixel devices.

[0] IonStack https://rootme.nebusec.ai

____

Tip: Install a Chromium flavor browser (Chromite) separate from the main browser.

Disable Javascript and hardware accelerated video decoder (commonly exploited) from the flags page and enable reader mode to fix broken JS-dependent websites when browsing blogs and random sites on your personal devices, else dedicate a tablet.

reply
etenal
6 hours ago
[-]
Thanks for testing, we currently only tested it on Pixel 10, but there are a few people on our repo creating PR to support other devices, you can take a look here https://github.com/NebuSec/CyberMeowfia
reply
coffe2mug
1 hour ago
[-]
Would be amazing if this was used to root so-far unrootable android devices. Any suggestions.
reply
mschuster91
17 minutes ago
[-]
Wonder if it were possible to use this to (finally) jailbreak DJIs original RC that came with the Mini 3 Pro.

It doesn't have a web browser or, virtually, anything of use... but I think it supports enough of a web browser to log in into wifi captive portals.

reply
Retr0id
5 hours ago
[-]
I've been noodling with porting the kernel exploit to other devices, and the exploit is very sensitive to how the compiler happens to lay out stack frames, which varies between kernel builds. Once you figure out the right "stamp method" and offsets for a particular kernel build though, it's fairly reliable.
reply
Chu4eeno
2 days ago
[-]
fwiw, the firefox vulnerability seems to be CVE-2026-10702 (type confusion in the ionmonkey jit compiler): https://www.sentinelone.com/vulnerability-database/cve-2026-...
reply
0x1ceb00da
2 hours ago
[-]
Does that mean any android app can use ndk native code execution to become root? Does selinux help here?
reply
goodburb
1 hour ago
[-]
Considering that it's rare to get kernel (or any) updates on non-flagship phones, it seems likely.

Backporting an old kernel should be possible, but the only indicator is the system update changelog that explicitly mentions it, I rarely see CVEs mentioned in changelogs on any smartphone. A tool to test the vulnerability is the only way.

Any compromised app on the Play store or external can get root access instantly, but we can still rely on trust and audits when installing apps which should always be the rule.

I suspect that this will be added to all Google Play integrity levels, limiting many apps from being installed on unpatched phones in the future.

That's not the case with browsers with random sites and ads which is hardly avoidable, having any sandbox escape is now more severe considering that it bypasses the app container. It's similar to JailbreakMe on iOS [0]

[0] https://en.wikipedia.org/wiki/JailbreakMe

reply
ChocolateGod
15 minutes ago
[-]
> Considering that it's rare to get kernel (or any) updates on non-flagship phones

How the cluster f*k of the Android update situation Google has allowed this to happen really needs a regulator to step in.

Planned obsolescence is supposed to be illegal in Europe.

reply
kuschku
1 hour ago
[-]
> I suspect that this will be added to all Google Play integrity levels, limiting many apps from being installed on unpatched phones in the future.

You do realize that a full kernel vulnerability like this allows you to feed falsified information to SafetyNet? Just like DRM, it gives the developer the illusion of control, but doesn't do anything to actually improve "safety" or "integrity".

It's silly that whenever I see a vulnerability like this, all I can think about is "finally, a way to get control over my own devices back". Once again, Stallman was right.

https://www.gnu.org/philosophy/right-to-read.en.html

Personally, I'll use this to root my Android TV and Chromecast devices and remove the shitty ads in the launcher (which Google added after I bought the devices!).

reply
didntcheck
2 minutes ago
[-]
[delayed]
reply
goodburb
59 minutes ago
[-]
Agreed, but I think this will force the average user to upgrade* their phones after losing access to sensitive apps (bank, gov) before getting compromised.

Good news for reusing old phones and taking control.

*as in replace

reply
kuschku
32 minutes ago
[-]
We should be fighting against SafetyNet and similar attestation systems.

The proper solution is one we had with desktop computing for decades. If you keep the key material on your eID or bank card, you don't need a locked down operating system. Which then allows devices to live for much longer.

We're slowly losing the war on General Purpose Computing.

https://media.ccc.de/v/28c3-4848-en-the_coming_war_on_genera...

reply
ChocolateGod
13 minutes ago
[-]
> We should be fighting against SafetyNet and similar attestation systems. The proper solution is one we had with desktop computing for decades. If you keep the key material on your eID or bank card

So you want a bank card/ID card to be required each time you use Google Pay? What's the point of Google Pay then.

reply
karteum
40 minutes ago
[-]
"this will force the average user to upgrade their phones"

A lot of phones don't receive any upgrades after 1 or 2 years...

I wish that Google would have forced vendors to implement a proper hardware abstraction (uefi or similar) so that a single kernel could run on any smartphone, just like it's the case for PCs...

reply
charcircuit
29 minutes ago
[-]
Google has required vendors to do that since Android 12. For a given version that same exact kernel is used on all phones with that version.

https://source.android.com/docs/core/architecture/kernel/gen...

reply
jeroenhd
1 hour ago
[-]
selinux doesn't help when the kernel itself has been compromized like this. Sandboxes from Android and containerisation tools like Docker do not protect you against this exploit. The only feasible method of restriction is full virtualisation (assuming that if you use KVM, last week's CVE-2026-53359 patches are rolled out everywhere).

Any app that can run native code execution on any version of Linux in the past fifteen years can get root until kernel updates arrive on your devices.

reply
password4321
2 days ago
[-]
Forgot to include "LPE" (local...) in the title so most of us can get back to weekending.
reply
jurf
1 hour ago
[-]
Got me confused for a sec, as the exploit in the top comment implies JavaScript→root, but it actually relies on two separate exploits.
reply
phire
58 minutes ago
[-]
Not really. Generally we use "Local Privilege Exploit" to describe an exploit that goes from a reasonably normal user privileges to root privileges.

And we don't usually worry about them, because an application with normal user privileges can already to so much damage.

But this exploit can be triggered from inside a tightly sandboxed process, such as firefox's isolated browser process. Which means the attacker now only needs to chain two exploits together: One javascript exploit to get local code execution in an isolated sandbox, and this one to jump all the rest of the way to kernel mode.

Which means, you should update both firefox, and your linux kernel.

reply
password4321
34 minutes ago
[-]
> this exploit can be triggered from inside a tightly sandboxed process

Thank you for emphasizing this important detail.

> you should update both firefox, and your linux kernel

No doubt, update all the things! My point was, it can most likely wait until Monday.

reply
iririririr
15 minutes ago
[-]
as if in these times there aren't hundreds of "0days" in everyone's hands waiting to be burned for situations just like this.

from ssh to node, so much stuff showing every other week. might as well call everything remote unless you run 100% behind wireguard or something.

reply
circularfoyers
2 days ago
[-]
Since this enables container escape, sounds like this might still impact quite a lot of us?
reply
password4321
1 day ago
[-]
I guess, if you thought Docker/etc. was a security boundary
reply
insanitybit
5 hours ago
[-]
They are a security boundary. The fact that you need a vulnerability to escape them is proof of that. They just don't have a particularly high cost of escape because reachable kernel vulnerabilities are so common.
reply
dijit
2 hours ago
[-]
Escape from docker containers is trivially easy, if you are able to run as the root user in the container itself.

Many (maybe most) containers actually default to running programs as root. Kernel exploit not required.

reply
password4321
27 minutes ago
[-]
> They are a security boundary

My mistake, leaving out some adjective one could interpret as a misunderstanding of containers as an effective (etc.) security boundary. Fool me 100+ times and all that.

There must be at least a triple-digit number of CVEs by now demonstratimg that in practice containers are a thinner layer of security (perhaps not quite as thin as the classic recommendation of running SSH on a nonstandard port, but that might be leaning toward the safer side of analogies vs. malicious code!) rather than a boundary like virtualization (not perfect but a best practice for isolation).

reply
worthless-trash
4 hours ago
[-]
Some people clearly do use containers as deployment mechanism, with security not in mind.
reply
markasoftware
5 hours ago
[-]
Runpod, digital ocean's gpu cloud, and at least a few others use Linux containers for isolation between tenants (look at Wiz's blog post about the nvidia container toolkit bug; digitalocean just puts everyone in a massive k8s cluster)
reply
stingraycharles
2 hours ago
[-]
Why aren’t they using a fast VM like Firecracker?
reply
circularfoyers
5 hours ago
[-]
I know there's a lot you can do in k8s to mitigate it, but I didn't think that prevented it outright.
reply
ActorNightly
1 hour ago
[-]
If you run critical containers under Linux instead of a dedicated hypervisor, you deserve to get hacked.
reply
hollerith
1 day ago
[-]
A lot of us rely on Linux containers' being escape-proof?

I would have hoped that only a few of us are so misinformed as to do that.

reply
Chu4eeno
2 days ago
[-]
they also found a type confusion in firefox/ionmonkey, so you can go from random website to pwned very quickly.
reply
teleforce
2 days ago
[-]
>Google has rewarded us $92,337 in kernelCTF

I'm all ears now

reply
mrbluecoat
2 days ago
[-]
Seems low considering the wide impact, but maybe the only thing corporations throw big money at is remote exploits?
reply
tptacek
2 days ago
[-]
That's a huge amount of money for a vulnerability.
reply
esseph
4 hours ago
[-]
reply
ActorNightly
2 hours ago
[-]
How is it a wide impact?

It requires being able to execute arbitrary code on the machine in userspace. If you have that, most of the time you don't even care about kernel level exploits.

reply
etenal
1 hour ago
[-]
It's a browser to kernel full chain exploit, from url click to root your device.
reply
athrowaway3z
1 hour ago
[-]
reply
amatecha
2 days ago
[-]
Daaaaamn: "GhostLock was introduced in Linux 2.6.39 and fixed in Linux 7.1."
reply
tangenter
3 hours ago
[-]
Fuck it. I’m exclusively running the book version of minix from now on, neovim be damned. The exploit surface of these kernels is wild.
reply
poly2it
1 hour ago
[-]
Is HN bugged? I swear I have read these comments the day prior, there is no way they are from within 10 hours?
reply
dang
1 hour ago
[-]
I don't know what "bugged" means but what you're seeing is probably an artifact of HN's re-upping system. We re-upped this thread and that relativized the timestamps on the previously existing comments (https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...). Sorry for the confusion—I know it's weird but so far no one has come up with an alternative that is less confusing.

The reason I re-upped this post, btw, is that it was at the top of a list called "underwater" that we try to look at every day, which lists the most-upvoted posts that for whatever reason didn't happen to make the frontpage. This was at the top of that list.

reply
poly2it
1 hour ago
[-]
Ah, I didn't know actual post timestamps for comments are updated. That explains it, thank you!
reply
tpetry
1 hour ago
[-]
Sometimes similar articles are merged into one. Including the comments.
reply
KasianFranks
3 hours ago
[-]
So has the church of the subgenius.
reply
KnockOutEZ
3 hours ago
[-]
Damn
reply
alexjplant
6 hours ago
[-]
> This is the same shape as many other life-cycle bugs [...]

Claude-ism detected. IME with Claude Code an object does not have a type or definition, apparently, but rather a shape (or at least it reaches for that word before more technically-accurate ones). Problems are not of a similar class or type, but of the same shape. Functions are not defined by their signatures but by their shape. Who talks like this and how did it make its way into the training data so pervasively?

reply
dang
5 hours ago
[-]
I think you're probably right that the article was AI-assisted, but (if so) it's important not to confuse that with the thing the article is about. Google wouldn't pay $90k for a hallucination.

I don't mean that as a criticism—the question of how to receive AI-processed content is chaotic right now. I'm working on a post about that here: https://news.ycombinator.com/item?id=48887149.

Btw, Nebula Sec is a YC startup in the current batch. We've been working with them on how to launch on HN, and one of the things I've been trying to explain is that the HN audience won't respond well to LLM-generated reports. The underlying work, though, is impressive. These guys know what they're doing—the OP is by no means their only significant find—and the fact that they're doing it with an agent, rather than the traditional way, is significant.

reply
cwillu
5 hours ago
[-]
A thing that notably triggers my allergies is that if significant human effort went into something, a few paragraphs written by a human seems like a trivial additional investment; if that last touch is missing, it's really hard for me to extend the benefit of the doubt that there really is something there.

Obviously this is only one signal among many, one that can be overruled, but the ick remains regardless.

reply
dang
4 hours ago
[-]
I agree to an extent, but there are many exceptions, so one can't really withhold the benefit of the doubt.

For example, non-native English speakers (as is the case with these guys IIRC) frequently use these tools. Maybe they shouldn't—as I've been telling a lot of people who email, mistakes are rapidly becoming a sign of authenticity at this point—but the belief that they need to is widespread, and this doesn't mean they didn't do significant work.

(Side note: it's a common assumption that machine-translated text is in a different category from LLM-edited text. From what we're seeing, that assumption is unfortunately completely wrong.)

Another important case is people with disabilities who find these technologies assistive. Again, one can argue that they're increasingly better off just posting their own writing in the raw, but this is a pretty obscure point to get across to people.

Beyond those cases, a lot of people just don't write easily, and/or don't feel their writing is any good. A lot of them are using LLMs to compensate for that, and this by no means implies that their work is bad. Maybe they just have a phobia about writing and/or don't express themselves well that way.

People who enjoy writing or are confident writers fail to understand how emotionally fraught writing is for many others.

Personally I'm down with the "writing is thinking" view, from which it follows that bad writing is bad thinking. But it doesn't follow that "thinking is writing" - that's a much stronger claim, from which it would follow that good thinking is good writing—and this I think is false.

reply
sph
4 hours ago
[-]
Non-native speakers have learned and improved their English for decades by trial-and-error, let’s stop using that as an excuse to use LLMs. I have been there, and making mistakes is how one learns to communicate effectively in another language.

If one doesn’t put effort in their writing, I am not going to put effort to read whatever slop they put out instead. Simple as that.

reply
dang
4 hours ago
[-]
What you say implies that people should "learn and improve their English" before posting their work to HN. I'm not with you on that, and here's why: we're trying to optimize for the most-intellectually-interesting site, not the most-English site: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor..., even though people do have to post in English here.

That may sound like too fine a distinction, but it isn't. Here's an example: Show HN: Getting GLM 5.2 running on my slow computer - https://news.ycombinator.com/item?id=48842459, which was the #1 thread on HN a couple days ago (https://news.ycombinator.com/front?day=2026-07-09).

That user is a non-native English speaker who helped get his posts into a format that HN could appreciate. His work is obviously excellent—the community response was unambiguous. But I don't think it would have made it through without our help.

I'm sure you weren't saying that if someone can't describe their work in good English then it must be slop, but the space is larger than you make it sound. Which is unfortunate in a way—it would be easier to narrow it down, but then we'd miss posts like that one.

reply
cwillu
3 hours ago
[-]
Pie-in-the-sky synthesis: translation is easy these days, so maybe non-english writers can and should just write in their own native language and let the readers provide their own translation. Perhaps English no longer needs to be the lingua anglais of western tech writing :p
reply
otterley
3 hours ago
[-]
I don’t buy it, Dan, because non-native English speakers were somehow managing to produce, publicize, and communicate before LLMs did the heavy lifting for them. Perhaps they had human assistance before, but the slop that’s so endemic today reminds us of its value.
reply
dang
3 hours ago
[-]
Not on HN they weren't. Right?
reply
otterley
3 hours ago
[-]
Non native speakers have been on HN since its inception. Unless you mean something else?
reply
dang
2 hours ago
[-]
Sorry, I was posting hastily and can see how that was unclear. Unfortunately I've forgotten my point.

Perhaps it was this: there are many non-native English speakers who have valuable things to contribute to HN, who don't yet have sufficient English or don't feel they do, and therefore resort to LLMs to do their English for them. Should they automatically be excluded?

reply
clhodapp
3 hours ago
[-]
It frankly doesn't matter how much human effort went into finding the vulnerability, it just matters if it exists, how severe it is, and how easy it is to exploit.
reply
titularcomment
37 minutes ago
[-]
If an exploit is actually working, human effort is void and the ML has done a great job. However most of the time its hallucinating, confidently talking gibberish in technical lingo. This phenomena is only amplified by those who try to make a quick buck without effort using older models, not reviewing output or prompting properly ('find me bugs in Linux, make no mistakes')
reply
etenal
30 minutes ago
[-]
There is no if, it works, people have video proof, google confirmed, Linux patched and fixed. And you still believe this is AI gibberish
reply
a_t48
3 hours ago
[-]
You should put a note in Find a Cofounder not to do that as well. Huge turnoff for me, though I guess a great filter.
reply
etenal
4 hours ago
[-]
We apologize for the confusion. We used AI to run final grammar pass and didn't noticed it changed some wording (shape is one of them). Will be more careful in the future
reply
sethammons
52 minutes ago
[-]
When working in Elixir, everything is about the shape of things. I have now taken that word usage from that ecosystem because I find it useful.
reply
dmittman
5 hours ago
[-]
Isn't this just observation bias? "If I haven't encountered something, then it must not be real?" (Paraphrasing)
reply
not-a-llm
3 hours ago
[-]
talking about data and function shapes is quite common in functional programming world

https://blog.jle.im/entry/functors-to-monads-a-story-of-shap...

reply
TurdF3rguson
4 hours ago
[-]
Except that working with Claude has me saying things like shape lately. I think I like it.
reply
mixmastamyk
2 days ago
[-]
A what?
reply
happymellon
2 days ago
[-]
Use after free?
reply
dang
6 hours ago
[-]
Thanks! I've put that in the toptext now.
reply
raldi
4 hours ago
[-]
I don't actually see that change, unless I misunderstand the meaning of toptext.
reply
teo_zero
2 days ago
[-]
I'm glad someone else asked. :)

It's not so widely used and it's not explained in the first couple screenfuls of TFA (which by itself is weirdly structured, taking entire paragraphs to explain when it was introduced, when it was discovered, etc. before even explaining what it actually is).

Of course the title was chosen when the article was first published on a site dedicated to security, where probably everyone knows it. This suggests that insisting on unmodified titles when republishing in HN is a poor rule.

reply
lkirkwood
1 day ago
[-]
Not that everyone should know it but it's definitely widely used. A Google search for "stack UAF" also turns it up.
reply
bitwize
1 hour ago
[-]
"Nothing could have prevented this from happening," say users of only language where this happens
reply
Uptrenda
6 hours ago
[-]
Has anyone in infosec ever seen the term "use after free" before LLMs? Or is this basically an acronym claude invented? I say this because I see claude use this term all the time like its common knowledge but in 15+ years in tech never seen it myself. I've seen all kinds of terms used to describe memory errors: memory corruption, heap corruption, stack corruption, whatever, just never this acronym.
reply
mirashii
6 hours ago
[-]
This is and has been a common term in any systems programming concept for decades. You can, for example, search CVEs and easily find some from over 15 years ago: https://www.cve.org/CVERecord?id=CVE-2010-1119

It was even enumerated in the first pass of CWE as CWE-416 in 2006.

reply
michaellee8
6 hours ago
[-]
if you have spend any amount of time in low level c vulnerabilities you will have heard about it, it is a very common time on the low level/cybersec space.
reply
LPisGood
6 hours ago
[-]
Yes, it was a common attack vector in binary exploitation. Heap based attack vector like use after free, double free, heap overflows, and others are pretty neat. They force you to learn a lot about how malloc works.

There is a lot of cool work that went into making memory allocation work well; the different arenas, fast bins, chunk headers, etc. are super cool.

reply
mdkotlik
6 hours ago
[-]
yes, it’s a very common term in infosec. I haven’t heard the “UAF” acronym before though
reply
smcameron
3 hours ago
[-]
I've heard of use after free, but I've only heard UAF to mean Ukraine Armed Forces.
reply
paulv
6 hours ago
[-]
It has been a known bug class for quite some time.
reply
atoav
5 hours ago
[-]
Huh? That is a really common term. There have been even memes about it. I remember roughly 5 years ago I first heard the ironic; "Real men use after free" in a discussion about Rust's benefits as its borrowing checker would have also prevented this one.

"Use after free" is also described in most standard books about C as a thing you should never do, have you read one?

reply
asveikau
6 hours ago
[-]
I haven't really seen it as an acronym "UAF", but I can't recall the first time I heard "use after free". It was probably in the previous century.

The idea that Claude came up with it is ridiculous.

reply
Klonoar
6 hours ago
[-]
reply
0xbadcafebee
2 hours ago
[-]
Do we really need infosec companies now that a skid with claude can find decades-old kernel privesc over a weekend?

Also can we talk about how bad Linux security is? At this point it's becoming a real liability to run anything on Linux that needs to be secure. OpenBSD has been around for ages, is written in C, and is really, really secure. Do they support containers yet (or microVMs)? Cuz if they do, I'm moving my workloads to obsd.

reply
titularcomment
35 minutes ago
[-]
OpenBSD is the Linux of a decade or two ago, not attracting attention and not being compatible or useful for quite a lot of stuff.
reply
asimovDev
33 minutes ago
[-]
TIL OpenBSD doesn't have jails
reply
close04
1 hour ago
[-]
> Do we really need infosec companies now that a skid with claude can find decades-old kernel privesc over a weekend?

Why are you not making easy money hand over fist from these rewards? A couple of weekends of work and you can retire early.

Maybe that's exactly what these infosec companies are. And maybe you need more than "a skid with claude over a weekend" to get anything worthwhile.

reply
_def
58 minutes ago
[-]
> and is really, really secure

... until its getting popular usage and gets targeted for vulnerability research

reply