A newly disclosed Linux kernel flaw, tracked as CVE-2026-53359 and nicknamed Januscape, can let an attacker escape a KVM virtual machine and execute code on the host. The issue affects shadow MMU code, threatens multi-tenant public clouds, and was demonstrated by Hyunwoo Kim as a zero-day in Google kvmCTF. #CVE-2026-53359 #Januscape #KVM #GooglekvmCTF #HyunwooKim
Keypoints
- Januscape is a Linux kernel vulnerability tracked as CVE-2026-53359.
- The flaw affects the shadow MMU code in the KVM hypervisor.
- It can enable VM escape and code execution on the host system.
- The bug threatens multi-tenant public clouds and nested virtualization setups.
- It was shown as a zero-day in Google kvmCTF and patched in mainline on June 19.
Read More: https://www.securityweek.com/linux-kernel-vulnerability-allows-vm-escape-on-intel-and-amd-systems/