A 16-year-old vulnerability in the Linux KVM hypervisor, known as Januscape, has been discovered, allowing attackers to escape from guest virtual machines and potentially crash host systems. The bug, designated as CVE-2026-53359, is a use-after-free vulnerability that affects both Intel and AMD processors, making it a significant concern for cloud security1. This vulnerability has been present in the kernel since August 2010 and can be exploited by code running inside a guest virtual machine to corrupt host kernel memory. The fact that it works across both Intel and AMD systems makes it a unique and potentially high-impact threat. As a result, cloud providers and users should be aware of the potential risks and take necessary precautions to mitigate them, particularly given the ongoing discussions involving AMD regarding the exploitation status of this vulnerability, which will determine whether immediate patching or continued monitoring is required.
Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks
⚡ High Priority
Why This Matters
CVE-2026-53359 is in active discussion involving AMD — exploitation status determines whether this is patch-now or monitor.
References
- SecurityAffairs. (2026, July 7). Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks. SecurityAffairs. https://securityaffairs.com/194868/security/januscape-16-year-old-linux-kvm-bug-enables-cloud-vm-escape-attacks.html
Original Source
SecurityAffairs
Read original →