Linux-уязвимость Januscape позволяет атаковать хост из гостевой VM
A critical vulnerability named Januscape has been discovered in the KVM hypervisor, allowing attackers to break out of a guest virtual machine and execute code with root privileges on the host system. Identified as CVE-2026-53359, this use-after-free flaw exists in the KVM/x86 memory address translation mechanism and affects x86-based systems using Intel or AMD processors. The issue was present in the Linux kernel for nearly 16 years before being patched. A proof-of-concept exploit can trigger a kernel panic, potentially crashing the entire physical server and all hosted VMs. This poses a serious risk to multi-tenant cloud environments where nested virtualization is enabled. Patches have been released in stable kernel versions including 7.1.3, 6.18.38, and others. Administrators are advised to update their systems or disable nested virtualization if patching is not immediately possible.