{"id":286905,"date":"2026-07-07T15:28:00","date_gmt":"2026-07-07T19:28:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/07\/linux-bug-dormant-for-16-years-can-cause-a-vm-escape-news\/"},"modified":"2026-07-07T15:35:07","modified_gmt":"2026-07-07T19:35:07","slug":"linux-bug-dormant-for-16-years-can-cause-a-vm-escape-news","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/07\/linux-bug-dormant-for-16-years-can-cause-a-vm-escape-news\/","title":{"rendered":"Linux bug dormant for 16 years can cause a VM escape | news"},"content":{"rendered":"<p><a href=\"https:\/\/www.scworld.com\/news\/16-year-old-linux-bug-can-cause-a-vm-escape\">Linux bug dormant for 16 years can cause a VM escape | news<\/a><\/p>\n<p><a href=\"https:\/\/www.scworld.com\/news\/16-year-old-linux-bug-can-cause-a-vm-escape\">https:\/\/www.scworld.com\/news\/16-year-old-linux-bug-can-cause-a-vm-escape<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-07 15:28:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.scworld.com\">www.scworld.com<\/a><\/p>\n<p>A recently disclosed Linux kernel bug known as Januscape that was dormant for 16 years can let attackers execute a virtual machine (VM) escape in which the attacker breaks out of an isolated guest VM and can take over a hypervisor.Security researcher Hyunwoo Kim demonstrated the vulnerability as a zero-day exploit by triggering a \u201cuse-after-free\u201d error in the shadow MMU code of the Linux KVM hypervisor.Security pros were concerned about this case because a VM escape shatters the fundamental security model of virtualization: it  can let attackers steal data, manipulate the host, or compromise other VMs running on the same server. It\u2019s also important to note that the bug can be executed on both Intel and AMD architectures.\u00a0\u201cA VM escape allows an attacker to break out of a guest environment and compromise the host system,\u201d said Jason Soroko, a senior fellow at Sectigo. \u201cThis threatens multi-tenant cloud architectures because a single compromised instance can grant root privileges over the server. Attackers can then crash the host kernel to cause a Denial-of-Service or execute code to gain control over every virtual machine running on that hardware.\u201dRobert Coles, senior cybersecurity engineer at Black Duck, said VM escapes get so much attention because they break one of the core assumptions virtualization is built on: containment.Coles explained in most cases, if an attacker compromises a VM, the damage stops there, but a VM escape changes that.\u201cOnce an attacker reaches the hypervisor, they&#8217;re no longer attacking a single workload \u2014 they potentially have access to the infrastructure supporting multiple workloads,\u201d said Coles. \u201cThat&#8217;s why hypervisor compromises are considered some of the highest-impact vulnerabilities in cloud environments.\u201dColes pointed out that a patch is now available. Any organization running KVM should identify affected hosts, apply the updates, and review any environments exposing nested virtualization, particularly in&#8230;<br \/>\n<br \/><a href=\"https:\/\/www.scworld.com\/news\/16-year-old-linux-bug-can-cause-a-vm-escape\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Linux bug dormant for 16 years can cause a VM escape | news https:\/\/www.scworld.com\/news\/16-year-old-linux-bug-can-cause-a-vm-escape Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":286906,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/files.cyberriskalliance.com\/wp-content\/uploads\/2026\/02\/021026_multicloud.jpg","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[31,71,57,27],"class_list":["post-286905","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-exploit","tag-linux","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/286905"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=286905"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/286905\/revisions"}],"predecessor-version":[{"id":286907,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/286905\/revisions\/286907"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/286906"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=286905"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=286905"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=286905"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}