Securityaffairs.Co
Critical Januscape Vulnerability in Linux KVM Exposes Cloud Servers to Attacks
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A critical vulnerability in Linux KVM, named Januscape (CVE-2026-53359), has been discovered after lying dormant for 16 years. This flaw allows attackers with root access in a guest virtual machine to escape to the host and execute arbitrary code, affecting both Intel and AMD systems. The vulnerability stems from a use-after-free issue in KVM's shadow MMU emulation, which can lead to host kernel crashes or full control over the host and other guests. The bug was disclosed by researcher Hyunwoo Kim and has been patched as of July 4, 2026. It poses a significant risk to multi-tenant cloud environments, such as those used by major providers like Google Cloud and AWS. Administrators are urged to apply the patch immediately to mitigate risks.
Key Points: • Januscape (CVE-2026-53359) allows guest VMs to escape and control the host system. • The vulnerability has existed for 16 years and affects both Intel and AMD architectures. • A patch has been released; administrators must ensure it is applied to secure their systems.