Last updated: July 7, 2026 at 3:10 AM UTC
All 566 Vulnerability 203 Breach 107 Threat 249 Defense 7
Tag: januscape (1 article)Clear

16-year-old KVM flaw lets a guest VM crash or escape to the Linux host

A use-after-free flaw in Linux's KVM hypervisor, nicknamed Januscape and hidden in the code for about 16 years, lets a virtual machine attack the physical host it runs on. Tracked as CVE-2026-53359, it sits in the shadow memory code that KVM uses on both Intel and AMD systems when nested virtualization is enabled. From inside a guest with root, an attacker can corrupt host kernel memory: the public proof-of-concept crashes the entire host, taking down every other tenant on that machine, and the researcher says a private exploit can run code as root on the host. The fix reached mainline Linux in June, and distributions are shipping updated kernels now.

Check
Identify x86 KVM hosts running untrusted or multi-tenant guests with nested virtualization enabled, check kernel versions against the Januscape fix, and confirm /dev/kvm is not world-writable on shared systems.
Affected
x86 KVM hosts on unpatched kernels with nested virtualization enabled (CVE-2026-53359), on both Intel and AMD; a guest with root can crash the host or potentially escape to run code on it.
Fix
Apply the updated kernels from your distribution as they ship. If you cannot patch immediately, disable nested virtualization with kvm_intel.nested=0 or kvm_amd.nested=0 to remove the attack path for untrusted guests.