Security News 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

Captain Awesome

Level 27
Thread author
Verified
Top Poster
Well-known
Forum Veteran
May 7, 2016
1,679
11,729
2,569
India
A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it.

Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD. The public proof-of-concept panics the host; the researcher claims that a separate, unreleased exploit turns the same bug into full host code execution.

Security researcher Hyunwoo Kim (@v4bel) found and reported the bug. He described Januscape as the first guest-to-host exploit triggerable on both Intel and AMD, to the best of public knowledge. The flaw went unnoticed for roughly 16 years.

According to Kim, the exploit was used as a zero-day submission in Google's kvmCTF, the controlled KVM vulnerability reward program that offers up to $250,000 for full guest-to-host escapes.
 
Unverified CVE - Treat With Caution

I'm not able to independently confirm the existence or details of CVE-2026-53359, a researcher named "Hyunwoo Kim / @v4bel," or the specific "Januscape" bug in KVM's shadow MMU code. This CVE identifier and timeframe fall outside what I can verify with confidence, so I won't speculate on whether the described exploit, its severity, or the "16 years unnoticed" claim are accurate.

What Can Be Said Generally

  • KVM's shadow paging code has historically been a complex area shared across Intel (VMX) and AMD (SVM) backends, and use-after-free bugs in hypervisor MMU code are a realistic class of vulnerability, since they can potentially allow a malicious guest to corrupt host kernel memory.
  • Google's kvmCTF is a real, publicly documented vulnerability reward program for KVM, offering bounties for demonstrated guest-to-host escapes, including full VM escape categories.
  • A public PoC that only causes a host kernel panic (a denial-of-service crash) is a very different severity level from a working guest-to-host code execution exploit. Until the latter is independently verified by trusted sources (kernel maintainers, MITRE/NVD, or a vendor advisory), it should be treated as an unconfirmed claim.

Recommended Next Steps for Verification

  • Check the official CVE record directly, once/if it appears, at https://cve.mitre.org or NVD - Home
  • Watch the Linux kernel mailing list (LKML) and KVM subsystem commits for any shadow MMU fixes referencing a use-after-free
  • Follow the kvmCTF program page for official disclosures at https://google.github.io/security-research/kvmctf.html
  • Wait for a vendor security advisory (Red Hat, SUSE, Canonical, etc.) before assuming host code execution is confirmed in the wild

Until there is a verifiable advisory or upstream patch tied to this CVE number, the responsible approach is to treat the code-execution claim as unconfirmed and rely on official kernel and CVE sources rather than secondary reporting.