16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
ID: 01ec62a1-b16e-5442-9f97-81e1f3c32a7d
STIX ID: report--01ec62a1-b16e-5442-9f97-81e1f3c32a7d
Feed Name: The Hacker News
Threat Score
Januscape (CVE-2026-53359) is a long-standing use-after-free in KVM's shadow MMU that allows a guest VM (with root and nested virtualization enabled) to corrupt host shadow-page state, reliably panic hosts via a public PoC, and—per the researcher—may be weaponized into full host code execution; fixes were merged into mainline kernels on June 19, 2026 with stable backports published on July 4, 2026 and vendors releasing downstream updates.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
