Januscape Linux flaw can let attackers break out of virtual machines on Intel and AMD systems

A long-running Linux kernel bug has been fixed after security researchers showed it could let an attacker escape a virtual machine and run code on the underlying host. The issue, tracked as CVE-2026-5...

A long-running Linux kernel bug has been fixed after security researchers showed it could let an attacker escape a virtual machine and run code on the underlying host. The issue, tracked as CVE-2026-53359 and nicknamed Januscape, affects the KVM/x86 virtualization layer used on both Intel and AMD processors.

According to researcher Hyunwoo Kim, the flaw is a use-after-free condition in KVM’s shadow MMU emulation code. He said the bug had been present for roughly 16 years before being patched in June 2026. The problem was serious enough to be used as a zero-day in Google’s kvmCTF vulnerability reward program before public disclosure.

If exploited, Januscape could allow a guest system to break out of its sandbox and execute commands as root on the host. In a cloud environment, that could mean one compromised virtual machine affecting other tenants sharing the same physical server. At minimum, an attacker could cause a denial-of-service event by crashing the host kernel; in worse cases, they could seize control of the host and other virtual machines.

Why the flaw matters

  • It impacts KVM/x86 on both Intel and AMD hardware.
  • It may be especially relevant to multi-tenant public cloud platforms.
  • On some Linux distributions, world-writable access to /dev/kvm could make exploitation easier for local users.

Kim said he has published technical details and a proof-of-concept that triggers a host kernel panic, but not a full guest-to-host escape exploit. He noted that he does not plan to release a complete weaponized exploit in the near future.

System administrators running KVM hosts that accept guest workloads should make sure the relevant fix has been applied, including patch commit 81ccda30b4e8. Kim also warned that Januscape could potentially be combined with other Linux privilege-escalation bugs to increase impact in some scenarios.

For organizations running virtualization at scale, the disclosure is another reminder that guest isolation depends not only on hypervisor settings, but also on the security of the underlying kernel code.