GhostLock (CVE-2026-43499) is a use-after-free in Linux futex priority-inheritance code that has shipped by default in nearly every distro since 2011. Nebula Security
Debian Bullseye is vulnerable, Bookworm has it fixed in the security updates (kernel 6.1.176-1), Trixie is safe for both, regular and security updates (kernel 6.12.86-1 and 6.12.95-1).
That sucks, but not much (all “local account required” vulns are like that). I need to stay on 6.8 both for proper PM support for hibernation and because of the Nvidia drivers.
Debian Bullseye is vulnerable, Bookworm has it fixed in the security updates (kernel 6.1.176-1), Trixie is safe for both, regular and security updates (kernel 6.12.86-1 and 6.12.95-1).
https://security-tracker.debian.org/tracker/CVE-2026-43499
That sucks, but not much (all “local account required” vulns are like that). I need to stay on 6.8 both for proper PM support for hibernation and because of the Nvidia drivers.