{"id":287461,"date":"2026-07-09T04:03:00","date_gmt":"2026-07-09T08:03:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/09\/high-severity-linux-vulnerabilities-patched-open-source-for-you\/"},"modified":"2026-07-09T04:25:07","modified_gmt":"2026-07-09T08:25:07","slug":"high-severity-linux-vulnerabilities-patched-open-source-for-you","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/09\/high-severity-linux-vulnerabilities-patched-open-source-for-you\/","title":{"rendered":"High-Severity Linux Vulnerabilities Patched &#8211; Open Source For You"},"content":{"rendered":"<p><a href=\"https:\/\/www.opensourceforu.com\/2026\/07\/high-severity-linux-vulnerabilities-patched\/\">High-Severity Linux Vulnerabilities Patched &#8211; Open Source For You<\/a><\/p>\n<p><a href=\"https:\/\/www.opensourceforu.com\/2026\/07\/high-severity-linux-vulnerabilities-patched\/\">https:\/\/www.opensourceforu.com\/2026\/07\/high-severity-linux-vulnerabilities-patched\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-09 04:03:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.opensourceforu.com\">www.opensourceforu.com<\/a><\/p>\n<p>            Credit: Getty Images<\/p>\n<p><span style=\"font-weight: 400\">Two high-severity Linux kernel vulnerabilities could allow virtual machine escapes and privilege escalation before newly released patches close the security gaps.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Two high-severity vulnerabilities have been disclosed in the Linux kernel, including one that allows virtual machines to escape from the guest environment to the host and obtain root privileges. The vulnerability is tracked as CVE-2026-53359 and has been awarded a US$250,000 bug bounty by Google for the disclosure. Google also awarded a US$92,337 bug bounty for another Linux vulnerability, tracked as CVE-2026-43499.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The first vulnerability has been called Januscape and affects the KVM hypervisor that is used in most of the Linux distributions. It resides on the guest-side of KVM and allows an attacker with root privileges in a guest virtual machine (VM) to run code on the host machine or disrupt other VMs running on the same physical host.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Hyunwoo Kim, the security researcher who discovered Januscape, wrote, \u201cWith guest-side actions alone, an attacker can compromise the host that runs their VM. For example, an attacker who has rented just a single instance on a public cloud could panic the host kernel to take down every other tenant VM on the same physical machine (DoS), or run code with root privilege on the host to take over the host and all the guests on it (RCE).\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400\">The other security issue called, GhostLock, is a privilege escalation vulnerability that resides in the Linux kernel\u2019s futex priority-inheritance feature. It allows users with limited privileges to gain root access and remained undiscovered for 15 years.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Matt Lucas, researcher and founder of RedEye Security, explained, \u201cThe flaw lives in the kernel\u2019s futex priority-inheritance machinery\u2026 The kernel is left holding a pointer to memory it has already freed and reused. Trusting that stale pointer is the entire bug: a classic use-after-free.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400\">Both vulnerabilities have been patched in&#8230;<\/span><\/p>\n<p><a href=\"https:\/\/www.opensourceforu.com\/2026\/07\/high-severity-linux-vulnerabilities-patched\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>High-Severity Linux Vulnerabilities Patched &#8211; Open Source For You https:\/\/www.opensourceforu.com\/2026\/07\/high-severity-linux-vulnerabilities-patched\/ Publish Date: 2026-07-09 04:03:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":287462,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.opensourceforu.com\/wp-content\/uploads\/2026\/07\/linux.jpg","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,89,71,32,57,27],"class_list":["post-287461","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-flaw","tag-linux","tag-malware","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287461"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=287461"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287461\/revisions"}],"predecessor-version":[{"id":287463,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287461\/revisions\/287463"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/287462"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=287461"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=287461"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=287461"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}