Skip to content

KVM Vulnerability Enables VM-Escape and Takeover of Linux Host Systems

At a glance: A 16-year-old KVM vulnerability (CVE-2026-53359) enables VM-to-host escape on Intel/AMD systems and requires immediate kernel updates to secure VM isolation.

A critical vulnerability in KVM (Kernel-based Virtual Machine) of the Linux kernel allows attackers with root access in a guest VM to execute arbitrary code on the host system. The security boundary between VMs is thus compromised — a central requirement for isolation in cloud infrastructures.

The vulnerability CVE-2026-53359 is based on a use-after-free error in the shadow-MMU emulation of KVM on x86 processors. Security researcher Hyunwoo Kim discovered the flaw and named it Januscape. The flaw has existed for 16 years in the Linux kernel code and is the first VM-escape that works on both Intel and AMD CPUs.


Source: www.csoonline.com · Published July 7, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: