Home / Jul 07, 2026 / Story
0
#2 The Hacker News general July 06, 2026 at 17:37 UTC

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

By [email protected] (The Hacker News)

AI Summary

CVE-2026-53359, dubbed 'Januscape,' is a 16-year-old use-after-free vulnerability in Linux KVM's shadow MMU code affecting both Intel and AMD x86 systems. A public PoC currently causes host kernel panics, but the researcher claims a separate unreleased exploit achieves full guest-to-host escape, making this a high-severity threat for virtualization environments and cloud infrastructure operators.

Relevance score: 87.0/100

# More from July 07