Linux Kernel Flaw in KVM Can Let Attackers Break Out of Virtual Machines

Researchers have disclosed a Linux kernel vulnerability that could allow a malicious virtual machine to escape its sandbox and affect the host system. The issue, tracked as CVE-2026-53359 and nickname...

Researchers have disclosed a Linux kernel vulnerability that could allow a malicious virtual machine to escape its sandbox and affect the host system. The issue, tracked as CVE-2026-53359 and nicknamed Januscape, affects the Kernel-based Virtual Machine (KVM) hypervisor’s shadow MMU code.

The flaw is significant for cloud and hosting environments that run untrusted workloads, especially x86 systems using nested virtualization. According to researchers, it is the first KVM exploit demonstrated to work across both Intel and AMD platforms.

The bug was identified by security researcher Hyunwoo Kim, who showed the issue as a zero-day in Google’s kvmCTF program. That contest-style bug bounty offers rewards of up to $250,000 for full VM escape vulnerabilities. Kim said the problem is a use-after-free condition that can be abused from inside a guest to corrupt the host kernel’s shadow page state.

Why the issue matters

If exploited successfully, Januscape could let an attacker move from a guest VM into the underlying host. That opens the door to two major outcomes:

  • Disrupting other tenants on the same physical server by crashing the host kernel
  • Gaining root-level code execution on the host and potentially controlling all guest machines on that system

Kim noted that on some Linux distributions, including Red Hat Enterprise Linux, the flaw may also be used by unprivileged local users to gain root privileges.

In practice, exploitation requires root access inside the guest VM. That level of access is often granted by default to cloud customers who are assigned their own instances. Where root is not available, attackers could combine the flaw with another privilege escalation bug to reach the required level, Kim said.

Patch status

The vulnerability remained hidden in the Linux kernel for 16 years before being fixed. It was merged into the mainline kernel on June 19 in commit 81ccda30b4e8.

The disclosure adds to a growing list of Linux kernel flaws that have been used or demonstrated for privilege escalation and host compromise, underscoring the risks faced by providers running shared infrastructure.