Updated
Updated · SecurityWeek · Jul 7
Linux Kernel Patches 16-Year KVM VM-Escape Flaw, Exposing Intel and AMD Hosts
Updated
Updated · SecurityWeek · Jul 7

Linux Kernel Patches 16-Year KVM VM-Escape Flaw, Exposing Intel and AMD Hosts

3 articles · Updated · SecurityWeek · Jul 7

Summary

  • CVE-2026-53359, dubbed Januscape, lets an attacker escape a KVM guest and execute code on the underlying Linux host, with the bug patched in mainline on June 19.
  • The flaw is a use-after-free in KVM’s shadow MMU code that corrupts host shadow page state; researcher Hyunwoo Kim showed it as a zero-day in Google’s kvmCTF.
  • Root access inside a guest is enough to exploit it—typically available in public cloud VM instances—and successful attacks can crash the host or gain root control over the host and co-located guests.
  • Januscape is described as the first KVM escape exploit to work on both Intel and AMD, raising risk for multi-tenant x86 clouds that run untrusted guests and enable nested virtualization.
  • The vulnerability also affects some Linux distributions such as RHEL, where it may allow local users to escalate to root, and it had remained in the kernel for 16 years.

Insights

This is the first KVM bug to hit both Intel and AMD. Does this signal a new era of cross-platform hypervisor threats?
A critical flaw hid in Linux for 16 years. What other decade-old bugs might be lurking in our cloud infrastructure?
If even Google's cloud is vulnerable, can any multi-tenant platform truly be secure from a determined hypervisor attack?

Januscape (CVE-2026-53359): 16-Year-Old Linux KVM VM Escape Vulnerability Exposes Millions of Virtualized Hosts

Overview

Januscape (CVE-2026-53359) is a critical Linux kernel vulnerability that poses an immediate and severe threat to virtualized environments. Hidden for about 16 years since August 2010, it was finally patched in June 2026 after a coordinated disclosure and embargo period. With details publicly released in July 2026, Januscape has become a pressing concern for system administrators worldwide. The vulnerability’s long dormancy and recent exposure highlight the urgent need for rapid patching and vigilant security practices to protect against potential exploitation in multi-tenant and cloud environments.

...