{"id":286643,"date":"2026-07-07T03:17:00","date_gmt":"2026-07-07T07:17:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/07\/januscape-16-year-old-linux-kvm-bug-enables-cloud-vm-escape-attacks\/"},"modified":"2026-07-07T04:25:07","modified_gmt":"2026-07-07T08:25:07","slug":"januscape-16-year-old-linux-kvm-bug-enables-cloud-vm-escape-attacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/07\/januscape-16-year-old-linux-kvm-bug-enables-cloud-vm-escape-attacks\/","title":{"rendered":"Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/194868\/security\/januscape-16-year-old-linux-kvm-bug-enables-cloud-vm-escape-attacks.html\">Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/194868\/security\/januscape-16-year-old-linux-kvm-bug-enables-cloud-vm-escape-attacks.html\">https:\/\/securityaffairs.com\/194868\/security\/januscape-16-year-old-linux-kvm-bug-enables-cloud-vm-escape-attacks.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-07 03:17:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> July 07, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2026\/07\/image-19.png?fit=1086%2C1449&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Januscape: A 16-year-old Linux KVM flaw lets cloud VM tenants crash hosts and potentially escape guests. It affects Intel and AMD systems.<\/h2>\n<p class=\"wp-block-paragraph\">Security researcher Hyunwoo Kim has published details of a use-after-free vulnerability in Linux\u2019s KVM hypervisor that allows code running inside a guest virtual machine to corrupt host kernel memory. The bug, tracked as CVE-2026-53359 and named Januscape, has been sitting in the kernel since August 2010. It affects both Intel and AMD processors, which makes it the first publicly documented guest-to-host KVM exploit that works across both architectures.<\/p>\n<p class=\"wp-block-paragraph\">Kernel-based Virtual Machine (KVM) is a virtualization technology built directly into the Linux kernel that allows one physical computer to run multiple independent virtual machines (VMs).<\/p>\n<p lang=\"en\" dir=\"ltr\">\ud83d\udca5 Introducing &#8220;Januscape&#8221; (CVE-2026-53359)  <\/p>\n<p>A Guest-to-Host Escape in KVM\/x86 exploiting a UAF in the shadow MMU. Triggerable on both Intel and AMD hosts. Threatens x86 public clouds (GCP, AWS) that expose nested virtualization.  <\/p>\n<p>&#8220;16 years&#8221; latent. Successfully used as a\u2026 pic.twitter.com\/UHVC6Tg3Nm<\/p>\n<p>\u2014 V4bel (@v4bel) July 6, 2026<\/p>\n<p class=\"wp-block-paragraph\">Kim used it as a zero-day submission in Google\u2019s kvmCTF program, which offers up to $250,000 for full guest-to-host escapes. The public proof-of-concept reliably panics the host kernel. A separate, complete exploit that achieves code execution on the host exists but hasn\u2019t been released. Kim says that one is planned for the distant future.<\/p>\n<p class=\"wp-block-paragraph\">KVM maintains its own internal set of page tables to track a guest\u2019s memory layout. When it needs one of these tracking pages, it looks for an existing one to reuse. The problem is that it matched candidates by memory address alone and ignored the type of tracking page it was grabbing. <\/p>\n<p class=\"wp-block-paragraph\">\u201cJanuscape is a use-after-free vulnerability&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/194868\/security\/januscape-16-year-old-linux-kvm-bug-enables-cloud-vm-escape-attacks.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks https:\/\/securityaffairs.com\/194868\/security\/januscape-16-year-old-linux-kvm-bug-enables-cloud-vm-escape-attacks.html Publish Date: 2026-07-07 03:17:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":286644,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/07\/image-19-767x1024.png","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,31,89,71,57,27],"class_list":["post-286643","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-exploit","tag-flaw","tag-linux","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/286643"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=286643"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/286643\/revisions"}],"predecessor-version":[{"id":286645,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/286643\/revisions\/286645"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/286644"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=286643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=286643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=286643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}