16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
A use-after-free flaw in Linux KVM, tracked as CVE-2026-53359 and nicknamed Januscape, can be triggered from a guest VM to panic the host and potentially lead to host code execution on both Intel and AMD systems. The issue affects the legacy shadow MMU path in x86 KVM, and the fix requires matching both the guest frame number and page role before reusing a shadow page. #Januscape #CVE-2026-53359 #KVM #LinuxKernel #PaoloBonzini #HyunwooKim

Keypoints

  • Januscape is a guest-to-host KVM bug tracked as CVE-2026-53359.
  • The flaw is a use-after-free in KVM’s shadow MMU code.
  • A guest VM can trigger a host panic through nested virtualization.
  • The issue affects x86 KVM on both Intel and AMD processors.
  • The fix checks role.word and gfn before reusing a shadow page.

Read More: https://thehackernews.com/2026/07/16-year-old-linux-kvm-flaw-lets-guest.html