Linux KVM Guest-to-Host Escape Hits Both Intel and AMD: Two CVEs Required

Linux KVM Guest-to-Host Escape Hits Both Intel and AMD: Two CVEs Required

Linux KVM Guest-to-Host Escape Hits Both Intel and AMD: Two CVEs Required

https://www.techtimes.com/articles/319941/20260708/linux-kvm-guest-host-escape-hits-both-intel-amd-two-cves-required.htm

Publish Date: 2026-07-08 22:35:00

Source Domain: www.techtimes.com

A cloud tenant who rents a single virtual machine can now bring down every other VM on the physical host running it — or take root on the host itself and access every guest on that machine. That is the worst-case consequence of Januscape, a use-after-free vulnerability in the Linux kernel’s KVM hypervisor that went unnoticed for 16 years and was publicly disclosed on July 6, 2026. Patches landed in all major maintained kernel branches on July 4, but closing the window fully requires applying two coupled CVEs: CVE-2026-53359 and its companion CVE-2026-46113. Applying only one leaves systems partially exposed — a detail receiving far less attention than the vulnerability itself.

The full-root exploit is not yet public. What is public is a proof-of-concept that reliably panics the host from inside a guest within seconds to minutes, giving attackers an immediate denial-of-service capability against shared infrastructure. Researcher Hyunwoo Kim (@v4bel), who discovered the flaw, has confirmed a working root-level exploit exists in a controlled setting. Administrators responsible for KVM-based x86 infrastructure — cloud providers, CI/CD runners, shared hosting environments, enterprise virtualization clusters — should treat this as a fire-drill-level patch window regardless of whether a CVSS score has been assigned. As of publication, NVD had not yet scored CVE-2026-53359.

One Bug, Two Attack Paths — and a Broader One Than Headlines Suggest

Januscape presents two separate exploitation scenarios that are easy to conflate.

The first is the VM escape. A malicious guest VM with root privileges inside itself — the default state when you rent an instance on a public cloud — can trigger the race condition to corrupt the host kernel’s shadow page state. Steered carefully, that corruption enables the guest to drive the host into mapping memory of the attacker’s choosing, which is the basis for the full escape. Run without that careful steering, the same race trips the…

Source