New Januscape Linux flaw allows VM escape on Intel, AMD devices

New Januscape Linux flaw allows VM escape on Intel, AMD devices
Januscape is a 16-year-old Linux kernel vulnerability, tracked as CVE-2026-53359, that lets attackers escape a KVM virtual machine and execute code as root on the host. The flaw affects multi-tenant cloud environments and can be chained with Dirty Frag to achieve full compromise on unpatched systems. #Januscape #CVE-2026-53359 #KVM #DirtyFrag

Keypoints

  • Januscape is a guest-to-host escape flaw in the Linux kernel.
  • It stems from a use-after-free issue in KVM/x86 shadow MMU emulation.
  • The vulnerability existed for about 16 years before being patched in June 2026.
  • Exploitation can lead to root access on the host and impact other guest VMs.
  • Administrators should verify that patch commit 81ccda30b4e8 is applied.

Read More: https://www.bleepingcomputer.com/news/linux/new-januscape-linux-kernel-flaw-allows-vm-escape-on-intel-amd-devices/