The point: A 16-year-old Linux kernel vulnerability allows VM escape and thus the takeover of the host system with kernel privilege.
A kernel vulnerability in Linux that has existed for 16 years, named Januscape, allows attackers to escape from virtual machines and execute arbitrary code on the host system. The security flaw affects Intel and AMD processors.
The Januscape vulnerability is a long-unknown weakness in the Linux kernel that makes it possible to break through the isolation of virtual machines. An attacker with access to a VM can exploit this vulnerability to execute arbitrary code with kernel privilege on the host system and thus gain complete control over the physical hardware.
The vulnerability affects virtualization environments on Intel and AMD processors. It exists in a fundamental component of the kernel, underscoring the broad impact of the problem. Such a VM escape vulnerability represents a critical threat, particularly in multi-tenant environments and cloud infrastructures where isolation between different users and workloads is essential.
For CISOs with virtualized or cloud-based infrastructures, timely evaluation is required to determine whether the affected kernel versions are in use. The 16-year lifespan of the vulnerability suggests that it remained under the radar for a long time and may have already been exploited.
Source: www.bleepingcomputer.com · Published 7 July 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.