CVE-2026-53359 ‘Januscape’: 16-Year-Old Linux KVM Guest-to-Host VM Escape Affects Intel and AMD x86 Systems

CVE-2026-53359 ‘Januscape’: 16-Year-Old Linux KVM Guest-to-Host VM Escape Affects Intel and AMD x86 Systems

CVE: CVE-2026-53359 | CVSS 3.1: N/A (pending) | Vendor: Linux Kernel | Product: KVM (Kernel-based Virtual Machine) | Affected: Linux x86 KVM hypervisor — both Intel and AMD processors | Discovery: Google kvmCTF program ($250K reward)


What Is the Vulnerability

CVE-2026-53359, dubbed ‘Januscape’, is a use-after-free vulnerability in Linux KVM’s shadow MMU (Memory Management Unit) code that has existed for approximately 16 years. The flaw allows a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. The vulnerability is triggerable on both Intel and AMD x86 systems — making it a cross-platform VM escape. Public proof-of-concept code causes a host kernel panic (denial of service). The researcher, Hyunwoo Kim (@v4bel), claims a separate unreleased exploit achieves full host code execution from within a guest VM. The bug was discovered through Google’s kvmCTF program, which offers up to $250,000 for full guest-to-host escapes.


Versions Affected

  • Linux kernel KVM hypervisor — x86 architecture — approximately 16 years of affected versions

Affects both Intel and AMD processor platforms. The shadow MMU code is shared across both architectures. Cloud providers, hosting companies, virtualisation clusters, and any organisation running multi-tenant KVM is affected.


Exploited?

No confirmed exploitation in the wild. The vulnerability was responsibly disclosed through Google’s kvmCTF program. However, a public PoC exists that causes host panic, and the researcher claims a full code-execution exploit exists (unreleased). Given the severity of a guest-to-host VM escape, threat actors are likely to attempt to develop their own exploits.


Fix

KVM patches are being distributed through Linux kernel stable updates. Apply immediately.

  • Primary fix: Update the Linux kernel to a patched version containing the KVM shadow MMU fix.
  • Workaround: Limit guest VM access to trusted workloads only. Monitor for signs of hypervisor compromise.

Recommendations

  • Patch immediately: Apply kernel updates as Linux distributions release them. Prioritise multi-tenant environments.
  • Cloud providers: This is a critical risk for any provider offering KVM-based virtual machines to untrusted tenants.
  • Monitor for PoC: The public PoC causes host panic — any unexplained host crashes in KVM environments should be investigated.
  • Review isolation: Consider additional VM isolation controls for untrusted or high-risk workloads.

References


Part of the Vulnerability Intelligence series on threat-modeling.com. July 7, 2026 Report.

Connect with me

Enter your Email address if you want to connect and receive threat modeling updates (I won’t spam you or share your contact details).

AND / OR

Try my threat modeling tool, it's completely free to use.

Thanks for signing up!