{"id":287290,"date":"2026-07-08T15:01:00","date_gmt":"2026-07-08T19:01:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/08\/google-pays-250k-for-linux-vulnerability-allowing-guest-vm-escapes\/"},"modified":"2026-07-08T15:40:07","modified_gmt":"2026-07-08T19:40:07","slug":"google-pays-250k-for-linux-vulnerability-allowing-guest-vm-escapes","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/08\/google-pays-250k-for-linux-vulnerability-allowing-guest-vm-escapes\/","title":{"rendered":"Google pays $250k for Linux vulnerability allowing guest VM escapes"},"content":{"rendered":"<p><a href=\"https:\/\/arstechnica.com\/security\/2026\/07\/high-severity-guest-vm-escape-is-1-of-2-linux-vulnerabilities-to-surface-this-week\/\">Google pays $250k for Linux vulnerability allowing guest VM escapes<\/a><\/p>\n<p><a href=\"https:\/\/arstechnica.com\/security\/2026\/07\/high-severity-guest-vm-escape-is-1-of-2-linux-vulnerabilities-to-surface-this-week\/\">https:\/\/arstechnica.com\/security\/2026\/07\/high-severity-guest-vm-escape-is-1-of-2-linux-vulnerabilities-to-surface-this-week\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-08 15:01:00<\/a><\/p>\n<p>Source Domain: <a href=\"arstechnica.com\">arstechnica.com<\/a><\/p>\n<p>A Linux vulnerability that allows untrusted virtual machines to gain root access to host machines is one of two high-severity flaws to surface this week in the open source operating system.<\/p>\n<p>The vulnerability resides in KVM, which in essence is a virtual machine app included in the kernel of many Linux distributions. The vulnerability, tracked as CVE-2026-53359, allows guest virtual machines\u2014such as those used in cloud platforms to isolate one user\u2019s instance from the host OS and other user instances\u2014to break out of that container.<\/p>\n<h2>Januscape: A threat to cloud platforms<\/h2>\n<p>The vulnerability affects KVM running on both AMD and Intel processors. It exploits bugs residing in the KVM guest-side, the portion of the VM that consists of only resources like the OS or drivers present in the guest VM, rather than resources present on the host machine. The threat went unnoticed in the Linux kernel for 16 years.<\/p>\n<p>\u201cWith guest-side actions alone, an attacker can compromise the host that runs their VM,\u201d Hyunwoo Kim, the researcher who discovered the flaw, wrote. \u201cFor example, an attacker who has rented just a single instance on a public cloud could panic the host kernel to take down every other tenant VM on the same physical machine (DoS), or run code with root privilege on the host to take over the host and all the guests on it (RCE).\u201d<\/p>\n<p>Kim has named the vulnerability Januscape. The flaw is a use-after-free vulnerability\u2014a form of memory corruption vulnerability that injects malicious code into recently freed regions of memory. The vulnerability resides in the shadow MMU emulation, a process that translates host memory addresses to hypervisor memory addresses and vice versa.<\/p>\n<p>Exploits will trigger guest-side actions alone to corrupt the host kernel\u2019s shadow page, a data structure in the host that assists in the address translation. Kim has released a proof-of-concept exploit that runs in the guest VM to&#8230;<\/p>\n<p><a href=\"https:\/\/arstechnica.com\/security\/2026\/07\/high-severity-guest-vm-escape-is-1-of-2-linux-vulnerabilities-to-surface-this-week\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google pays $250k for Linux vulnerability allowing guest VM escapes https:\/\/arstechnica.com\/security\/2026\/07\/high-severity-guest-vm-escape-is-1-of-2-linux-vulnerabilities-to-surface-this-week\/ Publish Date: 2026-07-08 15:01:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":287291,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/07\/exploit-vulnerability-security.jpg","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,31,89,71,57,27],"class_list":["post-287290","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-exploit","tag-flaw","tag-linux","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287290"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=287290"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287290\/revisions"}],"predecessor-version":[{"id":287292,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287290\/revisions\/287292"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/287291"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=287290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=287290"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=287290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}