CVE Tools
Back to feed
The Hacker News ·EN News source PoC publicKVM Hypervisor

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

By The Hacker News··5 min read
CVE Tools coverage

A use-after-free bug in Linux’s KVM shadow MMU can be triggered from a guest VM to corrupt host kernel shadow-page state, with a public proof-of-concept able to panic the host. The issue, tracked as CVE-2026-53359 (“Januscape”), affects KVM on Intel and AMD x86 systems and matters because a malicious tenant could potentially crash the host and, in reported research, even reach host code execution under the right conditions (root in the guest and nested virtualization enabled). Fixes have been merged as commit 81ccda30b4e8 and stable releases include kernel versions such as 7.1.3, 6.18.38, 6.12.95, 6.6.144, 6.1.177, 5.15.211, and 5.10.260.