New Linux kernel flaw allows VM escape on Intel, AMD devices
ID: b8104eff-fd34-5029-a80f-85adb7283c2b
STIX ID: report--b8104eff-fd34-5029-a80f-85adb7283c2b
Feed Name: Bleeping Computer
Januscape (CVE-2026-53359) is a 16-year-old use-after-free bug in KVM/x86 shadow MMU emulation that enables guest-to-host escapes, allowing attackers with access inside a VM to crash the host kernel or execute code as root on the host — jeopardizing all co-located guests on multi-tenant cloud hosts; a proof-of-concept that triggers host panics was published and a patch (commit 81ccda30b4e8) was released in June 2026, with administrators urged to apply the patch. The report also warns of chaining Januscape with other local privilege escalation issues (e.g., Dirty Frag) and highlights specific distro misconfigurations (e.g., world-writable /dev/kvm on some RHEL installs) that increase risk.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
