NHacker Next
  • new
  • past
  • show
  • ask
  • show
  • jobs
  • submit
GhostLock, a stack-UAF that has existed in ALL Linux distributions for 15 years (nebusec.ai)
goodburb 12 hours ago [-]
Tested on three Android devices (version 9, 13, 16) with different Firefox versions under 150 (had to modify for older).

Two boot looped, I had to enter recovery and the other just powered off [0].

The demo modifies the wallpaper on supported Pixel devices.

[0] IonStack https://rootme.nebusec.ai

____

Tip: Install a Chromium flavor browser (Chromite) separate from the main browser.

Disable Javascript and hardware accelerated video decoder (commonly exploited) from the flags page and enable reader mode to fix broken JS-dependent websites when browsing blogs and random sites on your personal devices, else dedicate a tablet.

Chu4eeno 11 hours ago [-]
fwiw, the firefox vulnerability seems to be CVE-2026-10702 (type confusion in the ionmonkey jit compiler): https://www.sentinelone.com/vulnerability-database/cve-2026-...
password4321 17 hours ago [-]
Forgot to include "LPE" (local...) in the title so most of us can get back to weekending.
circularfoyers 15 hours ago [-]
Since this enables container escape, sounds like this might still impact quite a lot of us?
password4321 3 hours ago [-]
I guess, if you thought Docker/etc. was a security boundary
hollerith 7 hours ago [-]
A lot of us rely on Linux containers' being escape-proof?

I would have hoped that only a few of us are so misinformed as to do that.

Chu4eeno 11 hours ago [-]
they also found a type confusion in firefox/ionmonkey, so you can go from random website to pwned very quickly.
teleforce 18 hours ago [-]
>Google has rewarded us $92,337 in kernelCTF

I'm all ears now

mrbluecoat 17 hours ago [-]
Seems low considering the wide impact, but maybe the only thing corporations throw big money at is remote exploits?
tptacek 12 hours ago [-]
That's a huge amount of money for a vulnerability.
amatecha 17 hours ago [-]
Daaaaamn: "GhostLock was introduced in Linux 2.6.39 and fixed in Linux 7.1."
ranger_danger 20 hours ago [-]
Imustaskforhelp 16 hours ago [-]
upvoted your submission!
anonym29 18 hours ago [-]
isn't that the worst, when you post a breaking story first and someone else's dupe hits front page? upvoted your original :)
djfergus 12 hours ago [-]
em-bee 5 hours ago [-]
that's the original post by the actual authors. that's the one that should be upvoted. they broke the title rule though.
12 hours ago [-]
mixmastamyk 20 hours ago [-]
A what?
teo_zero 11 hours ago [-]
I'm glad someone else asked. :)

It's not so widely used and it's not explained in the first couple screenfuls of TFA (which by itself is weirdly structured, taking entire paragraphs to explain when it was introduced, when it was discovered, etc. before even explaining what it actually is).

Of course the title was chosen when the article was first published on a site dedicated to security, where probably everyone knows it. This suggests that insisting on unmodified titles when republishing in HN is a poor rule.

lkirkwood 4 minutes ago [-]
Not that everyone should know it but it's definitely widely used. A Google search for "stack UAF" also turns it up.
happymellon 19 hours ago [-]
Use after free?
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact
Rendered at 17:56:49 GMT+0000 (Coordinated Universal Time) with Vercel.