Januscape is a 16-year-old Linux kernel vulnerability, tracked as CVE-2026-53359, that lets attackers escape a KVM virtual machine and execute code as root on the host. The flaw affects multi-tenant cloud environments and can be chained with Dirty Frag to achieve full compromise on unpatched systems. #Januscape #CVE-2026-53359 #KVM #DirtyFrag
Keypoints
- Januscape is a guest-to-host escape flaw in the Linux kernel.
- It stems from a use-after-free issue in KVM/x86 shadow MMU emulation.
- The vulnerability existed for about 16 years before being patched in June 2026.
- Exploitation can lead to root access on the host and impact other guest VMs.
- Administrators should verify that patch commit 81ccda30b4e8 is applied.