Expert In the Cloud • 2h
Linux Kernel: Architecture-Agnostic VM Escape in KVM Januscape
CVE-2026-53359, dubbed "Januscape," is a critical vulnerability in the Linux Kernel's KVM subsystem enabling a guest-to-host escape. The flaw stems from a 16-year-old logic error within the architecture-agnostic portion of the KVM code, bypassing hypervisor boundaries regardless of the underlying CPU vendor. A malicious guest user can leverage this flaw to execute arbitrary code with root privileges on the host machine. The vulnerability affects nearly all x86-based cloud and enterprise virtualization environments utilizing Intel or AMD processors. Immediate patching via the latest Linux kernel updates is required to prevent full host compromise.
Links:Expert In the Cloud, SecurityWeek, news.ycombinator.com, SC Media, News, Usenix, Kernel, Lwn, Bbs •