Januscape KVM CVE-2026-53359 guest-to-host escape
Summary
Januscape is public research and proof-of-concept material for CVE-2026-53359, a KVM/x86 shadow-MMU use-after-free that can be triggered from inside a guest VM and corrupt host-kernel KVM state. Hyunwoo Kim (@v4bel) disclosed the issue after the linux-distros embargo ended and said it had been used successfully as a zero-day submission in Google's kvmCTF program.
The released proof of concept demonstrates host-kernel denial of service. The researcher states that a separate full guest-to-host code-execution exploit exists in a controlled environment but has not been released.
Tags
- ops
- operations
- vulnerability
- exploitation
- Linux
- Linux kernel
- KVM
- KVM escape
- guest-to-host escape
- hypervisor escape
- virtualization
- nested virtualization
- shadow MMU
- CVE-2026-53359
- Januscape
- Hyunwoo Kim
- V4bel
- kvmCTF
- multi-tenant cloud
- local privilege escalation
- /dev/kvm
Why this matters
- This is a cloud and virtualization isolation issue, not just a local Linux bug: hosts that run untrusted x86 guests with nested virtualization exposed are the highest-risk shape.
- The public PoC is sufficient for host panic / denial of service from a guest VM; Kim says the unreleased exploit can execute as root on the host, which would expose the host and co-resident guests.
- The bug lived in KVM/x86 shadow MMU code for roughly 16 years, from Linux commit
2032a93d66fain 2010 through the June 2026 fix commit81ccda30b4e8. - The vulnerable path is in in-kernel KVM, not QEMU userspace emulation, so changing QEMU alone is not a mitigation.
- On distributions where
/dev/kvmis world-writable, such as RHEL configurations called out by the researcher, the same issue may also be reachable as a local privilege-escalation path.
Public vulnerability detail
- Name: Januscape.
- CVE:
CVE-2026-53359. - Component: Linux KVM/x86 shadow MMU.
- Bug class: use-after-free / wrong shadow-page reuse leading to host-kernel KVM state corruption.
- Architectures: x86 KVM hosts on Intel and AMD. The researcher says arm64 is not affected by Januscape, while separately warning that unpatched arm64 KVM hosts should address the earlier ITScape
CVE-2026-46316issue. - Reachability: guest-side actions from a VM with guest kernel privilege; public-cloud style instances commonly give tenants root inside their own guest.
- Observed program context: reported through Google kvmCTF as a zero-day exploit submission.
- Released exploit status: public PoC can panic the host; full guest-to-host code execution is claimed but withheld.
- Patch reference: Linux mainline fix commit
81ccda30b4e8; operators should consume distribution kernel advisories/backports and reboot into the fixed kernel.
Defender heuristics
- Prioritize patch validation and reboots for x86 KVM hosts that run untrusted guests, nested virtualization, shared CI/runner VMs, research sandboxes, hosting platforms, and private-cloud clusters.
- Confirm the running host kernel includes the Januscape fix or vendor backport; do not rely on package-install state without reboot evidence.
- If patching is delayed, reduce exposed preconditions where business impact permits: disable or restrict nested virtualization for untrusted tenants, limit access to
/dev/kvm, and separate high-risk workloads from multi-tenant hosts. - Inventory systems where
/dev/kvmis mode0666or otherwise reachable by unprivileged local users; treat those hosts as potentially exposed to LPE chaining if the kernel is unpatched. - Watch for unexpected nested-virtualization enablement, KVM module activity, host panics involving KVM shadow-MMU paths, and guest workloads that attempt low-level virtualization operations outside expected CI or lab contexts.
- For suspected exploitation, preserve host kernel logs, hypervisor telemetry, VM assignment history, tenant/workload provenance, crash dumps, and cloud-control-plane records before rebuilding or migrating hosts.
- Scope and rotate secrets accessible to co-resident guest workloads if a host escape is plausible; a claimed host-root path would put other guests, attached storage, and management-plane credentials at risk.
Related pages
- Linux DirtyClone CVE-2026-43503 local privilege escalation
- Linux Bad Epoll CVE-2026-46242 local privilege escalation
- Linux pedit COW CVE-2026-46331 local privilege escalation
Sources
- Hyunwoo Kim / V4bel Januscape repository: https://github.com/V4bel/Januscape
- Linux fix commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=81ccda30b4e8
- The Hacker News: https://thehackernews.com/2026/07/16-year-old-linux-kvm-flaw-lets-guest.html