ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
CRITICAL Vulnerabilities

Linux KVM Januscape bug enables guest VMs to corrupt host state

Source headline: 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

Threat level Critical
Signal strength 80/100
Source confidence 1 source
Published 2 hours ago

Intelligence Summary

Linux KVM has a use-after-free flaw that can be triggered from a guest VM. The bug corrupts the shadow-page state in the host kernel by affecting KVM’s shared shadow MMU code. It impacts Intel and AMD x86 systems that use the KVM shadow MMU path. A public proof-of-concept can panic the host, indicating serious reliability and isolation risk. Users running KVM-based virtualization should monitor for upstream fixes and apply patched kernels when available.

Recommended Action

Prioritize immediate review, validate exposure, and patch or mitigate affected systems.

Topics

#linux #cve-2026-53359 #guest-escape #hypervisor #kvm #shadow-mmu
Original reporting The Hacker News 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
Open original source