← All stories
● Covered by 1 source Β· 1 reportHigh impact

Critical KVM Vulnerability Allows Guest VMs to Escape on Intel and AMD Systems

Aggregated by BrevFeed security Β· updated 1h ago
πŸ”– Save

A use-after-free vulnerability in Linux's KVM hypervisor, tracked as CVE-2026-53359, allows guest virtual machines to potentially execute arbitrary code on the host. Previously undetected for 16 years, this flaw poses significant risks for cloud service providers and virtualized environments as it can lead to host-system compromise through mismanaged memory access.

Key points

Overview of the Vulnerability

The Januscape vulnerability in the Linux KVM hypervisor relies on a use-after-free bug. It enables a guest VM to corrupt the shadow-page state of the host kernel, which can result in a crash of the host or even arbitrary code execution if exploited further.

Technical Details of the Flaw

The flaw exists in the shadow MMU code shared by both Intel and AMD processors, specifically how KVM manages its page tables. It matches tracking pages by memory address only, disregarding their type, which can lead to critical errors in memory management.

Implications of the Vulnerability

With the ability for a guest VM to cause a host crash or potentially execute arbitrary code, this flaw is particularly alarming for cloud service providers. Many cloud instances operate with root access from guests, making exploitation easier.

Response and Mitigation

The bug remained undiscovered for over 16 years before being reported. The vulnerability was addressed in commit 81ccda30b4e8, merged on June 19, 2026. Users of KVM are urged to update to the latest version to mitigate risks.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

GitHub V4bel/Januscape GitHub V4bel/dirtyfrag GitHub V4bel/ITScape CVE CVE-2026-53359 CVE CVE-2026-432848.8 HIGH CVE CVE-2026-435007.8 HIGH

Reporting from

A use-after-free vulnerability in Linux's KVM hypervisor, tracked as CVE-2026-53359, allows guest virtual machines to potentially execute arbitrary code on the host. Previously undetected for 16 years, this flaw poses significant risks for cloud service providers and virtualized environments as it can lead to host-system compromise through mismanaged memory access.