Januscape lets KVM guests escape on Intel, AMD hosts

CVE-2026-53359 (Januscape) is a use-after-free in KVM’s shadow MMU that lets guest VMs escape and run code on Intel and AMD x86 hosts; mainline patch merged June 19.

Security researcher Hyunwoo Kim disclosed CVE-2026-53359, nicknamed Januscape, a use-after-free defect in the Linux Kernel-based Virtual Machine (KVM) shadow MMU that allows a guest VM to escape and execute code on the host. Kim demonstrated the issue at Google’s kvmCTF bug bounty event, which offers rewards for full VM escape findings.

The flaw lets code running inside a guest corrupt the shadow page state the host kernel uses to track guest memory mappings. The shadow MMU maintains translations from a guest’s virtual addresses to the host’s physical memory. Corrupting that state can change how the host translates memory and can be used to crash the host kernel or execute code at host privilege levels.

Exploitation requires the ability to run privileged operations inside the guest. Many cloud instances give users administrator access by default, and an attacker could chain Januscape with a local privilege-escalation bug to gain the needed rights; Dirty Frag was cited as an example of a chaining candidate. On some Linux distributions, including certain Red Hat Enterprise Linux configurations, the defect can be used by unprivileged users to gain root.

Januscape affects x86 hosts powered by both Intel and AMD processors. Kim’s write-up notes that a tenant with a single rented VM could panic the host kernel to disrupt other tenant VMs (denial of service) or run code with root privileges on the host to take over the host and its guests. “For example, an attacker who has rented just a single instance on a public cloud could panic the host kernel to take down every other tenant VM on the same physical machine (DoS), or run code with root privilege on the host to take over the host and all the guests on it (RCE),” Kim wrote.

The bug was present in the kernel for about 16 years before a fix was merged into mainline on June 19 under commit 81ccda30b4e8. The patch fixes the use-after-free condition in shadow page handling. Cloud operators, Linux distributors and administrators can apply the mainline patch or vendor backports and track CVE-2026-53359 for remediation. The Januscape report notes it is the first known KVM exploit demonstrated to work on both Intel and AMD platforms.

Articles by this author

No posts found.