Security · 2h ago
16-Year-Old KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD
A use-after-free bug in Linux's KVM hypervisor, tracked as CVE-2026-53359, allows guest VMs to corrupt host kernel memory. The flaw, dubbed Januscape, affects both Intel and AMD x86 systems and has existed for 16 years. A public proof-of-concept panics the host, with a separate exploit claimed to enable full VM escape.
Meridian48 take
While the PoC only crashes the host, the potential for a full escape exploit makes this a critical vulnerability for cloud providers and virtualization users.
Read the full reporting
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems →
The Hacker News
kvm-flawvm-escape