A bug that’s been sitting in Linux’s KVM hypervisor for 16 years can let a guest virtual machine break out and take over the host. It affects both Intel and AMD x86 systems.
Dubbed Januscape and tracked as CVE-2026-53359, the flaw lives in the shadow MMU code — the part of KVM that manages memory page tables for virtual machines. The issue is a use-after-free bug. KVM sometimes reuses the wrong type of tracking page because it matches by memory address alone, ignoring what the page is actually supposed to do.
Security researcher Hyunwoo Kim found it. He says it’s the first publicly known guest-to-host exploit that works on both Intel and AMD hardware. The vulnerable code dates back to August 2010 (kernel 2.6.36). The fix was merged into mainline on June 19, 2026.
The public proof-of-concept crashes the host — hard. Take down the host, and every other VM on that machine goes with it. But Kim claims a separate, unreleased exploit turns the same bug into full code execution on the host.
You need two things from the guest side to pull this off: root access inside the VM and nested virtualization enabled. On rented cloud instances, root inside your own VM is standard. Nested virtualization is less common but not rare. The bug doesn’t need anything from QEMU or any userspace VMM — it’s purely a kernel problem.
On distributions where /dev/kvm is world-writable (like RHEL), the risk goes up. Any user on the system can start a VM with the right settings and attempt the exploit.
The practical takeaway: if you’re hosting untrusted VMs with nested virtualization turned on, patch now. The fix is in the kernel tree. Waiting isn’t a good option.
