[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fN5tXuETuUc39ngeEi7kneR_XAFsq6oJsXlmh5Vokcso":3},{"article":4,"iocs":57},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":34,"category":35,"article_tags":39},"29b864f0-bef7-445d-868b-d3675ff52fb8","Linux Kernel Vulnerability Allows VM Escape on Intel and AMD Systems","linux-kernel-vulnerability-allows-vm-escape-on-intel-and-amd-systems-68c9c5","The 16-year-old Januscape flaw affects Linux's KVM hypervisor, allowing attackers to escape virtual machines and potentially execute code on the underlying host. The post Linux Kernel Vulnerability Allows VM Escape on Intel and AMD Systems appeared first on SecurityWeek.","A 16-year-old Linux kernel vulnerability, CVE-2026-53359 (Januscape), allows attackers to escape virtual machines and execute code on the host system. This use-after-free flaw impacts the KVM hypervisor's shadow MMU code and poses a significant risk to multi-tenant cloud environments, enabling potential denial-of-service or remote code execution on the host.","Linux KVM hypervisor vulnerability allows VM escape on Intel and AMD systems.","A newly disclosed Linux kernel vulnerability can be exploited to escape virtual machines (VMs) and execute code on the underlying host, security researchers warn. Tracked as CVE-2026-53359 and referred to as Januscape, the security defect impacts the shadow MMU code in Linux Kernel-based Virtual Machine (KVM) hypervisor. The guest-to-host vulnerability poses a major threat to multi-tenant x86 public clouds running untrusted guests and exposing nested virtualization. It is known to be the first KVM exploit that can be triggered on both Intel and AMD architectures. The flaw was discovered by security researcher Hyunwoo Kim (@v4bel), who demonstrated it as a zero-day in Google kvmCTF, the bug bounty program that works like a CTF event and offers up to $250,000 for full VM escape weaknesses. According to Kim, the vulnerability is a use-after-free vulnerability that can be triggered from the VM to corrupt the shadow page state of the host’s kernel. Successful exploitation of Januscape, the researcher explains, can lead to the full compromise of the host on which the VM is running.Advertisement. Scroll to continue reading. “For example, an attacker who has rented just a single instance on a public cloud could panic the host kernel to take down every other tenant VM on the same physical machine (DoS), or run code with root privilege on the host to take over the host and all the guests on it (RCE),” Kim explains. On certain Linux distributions, such as Red Hat Enterprise Linux (RHEL), the security defect can be exploited by unprivileged users to escalate their privileges to root. Januscape’s exploitation requires root privileges on the guest machine, which is typically available by default when a user is allocated a VM instance on a public cloud. If root access is not available, an attacker could chain the flaw with a privilege escalation bug, such as Dirty Frag, Kim says. CVE-2026-53359 stayed dormant in the Linux kernel for 16 years. It was patched in mainline on June 19, when commit 81ccda30b4e8 was merged. Related: Proof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access Vulnerability Related: ‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access Related: Organizations Warned of Exploited Linux Kernel Vulnerability Related: 19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Ionut Arghire Agentic AI Used to Conduct Ransomware Attack via LangflowMedtronic Data Breach Impacts 3.8 Million PeopleAlleged Scattered Spider Hacker Extradited to USGoogle, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of DevicesCritical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code ExecutionNew CitrixBleed Vulnerability Exploited Immediately After Public DisclosureFortiBleed Campaign Linked to INC, Lynx Ransomware AttacksCisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability Latest News Keyfactor Scores $1 Billion+ Investment for AI, Post-Quantum SecurityBlogspot-Hosted Payloads Delivered in ‘Veil#Drop’ AttacksThe Shift Toward Business-Aligned Risk ManagementArmored Likho APT Targeting Government, Electric Power EntitiesNorth Korean Hackers Target Open Source Developers in Supply Chain Attacks Proof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access VulnerabilityPrompt Injection Attacks Trick AI Agents Into Making Crypto PaymentsIn Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 16, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveJames Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.Rafal Los has joined Binary Defense as Chief Strategy Officer.Tracey Mustacchio has joined Everfox as Chief Marketing Officer.More People On The MoveExpert Insights The Shift Toward Business-Aligned Risk Management Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. (Steve Durbin) How to Conduct a Successful Audit of AI-Driven Software Development As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. (Matias Madou) Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. (Joshua Goldfarb) The AI Token Costs That Can Break Cybersecurity As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. (Danelle Au) When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email","https:\u002F\u002Fwww.securityweek.com\u002Flinux-kernel-vulnerability-allows-vm-escape-on-intel-and-amd-systems\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002FLinux-vulnerability-malware.jpeg","2026-07-07T10:00:00+00:00","2026-07-07T12:00:20.194266+00:00",9,[18,21,24,27,29,31],{"name":19,"type":20},"Linux Kernel-based Virtual Machine (KVM)","product",{"name":22,"type":23},"Shadow MMU","technology",{"name":25,"type":26},"Intel","vendor",{"name":28,"type":26},"AMD",{"name":30,"type":26},"Google",{"name":32,"type":33},"Januscape","campaign","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":34,"icon":36,"name":37,"slug":38},null,"Vulnerabilities","vulnerabilities",[40,45,50,52],{"category":41},{"id":42,"icon":36,"name":43,"slug":44},"574f766a-fb3f-487c-8d2c-0720ae75471b","Zero-day","zero-day",{"category":46},{"id":47,"icon":36,"name":48,"slug":49},"6cbdd207-aaa1-4176-9534-e156b125e917","Nation-state","nation-state",{"category":51},{"id":34,"icon":36,"name":37,"slug":38},{"category":53},{"id":54,"icon":36,"name":55,"slug":56},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[58,62,66],{"type":59,"value":60,"context":61},"cve","CVE-2026-53359","Januscape vulnerability in Linux KVM hypervisor",{"type":63,"value":64,"context":65},"mitre_attack","T1547.001","Exploitation for VM escape and host compromise",{"type":67,"value":68,"context":69},"malware","Dirty Frag","Chained with Januscape for privilege escalation if root access is not available"]