The Hacker News ·EN News source PoC publicKVM Hypervisor
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
CVE Tools coverage
A use-after-free bug in Linux’s KVM shadow MMU can be triggered from a guest VM to corrupt host kernel shadow-page state, with a public proof-of-concept able to panic the host. The issue, tracked as CVE-2026-53359 (“Januscape”), affects KVM on Intel and AMD x86 systems and matters because a malicious tenant could potentially crash the host and, in reported research, even reach host code execution under the right conditions (root in the guest and nested virtualization enabled). Fixes have been merged as commit 81ccda30b4e8 and stable releases include kernel versions such as 7.1.3, 6.18.38, 6.12.95, 6.6.144, 6.1.177, 5.15.211, and 5.10.260.