A critical vulnerability has been identified in the Linux Kernel-based Virtual Machine (KVM) hypervisor, allowing guest virtual machines (VMs) to escalate privileges and execute code on the host system. This flaw, designated as CVE-2026-53359 and nicknamed ‘Januscape,’ has been present in the KVM codebase for approximately 16 years, affecting both Intel and AMD x86 architectures.
The issue stems from a use-after-free error within KVM’s shadow Memory Management Unit (MMU) code. This bug enables a malicious guest VM to corrupt the host kernel’s shadow-page state. A proof-of-concept exploit has been released that causes the host system to crash, and researchers indicate that a more advanced, unreleased exploit could achieve full code execution on the host.
Security researcher Hyunwoo Kim discovered and reported this vulnerability. He noted that Januscape is the first known exploit capable of facilitating guest-to-host escapes on both Intel and AMD platforms. The flaw had remained undetected for nearly 16 years.
Technical Details
KVM utilizes shadow page tables to mirror the memory layout of guest VMs. When allocating these tracking pages, KVM matched them based solely on memory addresses, disregarding their specific types. This oversight led to the reuse of incorrect tracking pages, resulting in the corruption of KVM’s internal records. Such corruption can cause the host kernel to crash or, in more severe cases, allow an attacker to execute arbitrary code on the host system.
The vulnerability affects both Intel and AMD processors, with the final exploitation steps varying between the two architectures.
Affected Systems
The flawed code has been part of the KVM project since August 2010, corresponding to kernel version 2.6.36. A patch addressing this issue was merged into the mainline kernel on June 19, 2026. Systems running kernels prior to this patch are vulnerable.
Exploitation requires the attacker to have root access within the guest VM and for the host to have nested virtualization enabled. This configuration is common in cloud environments where tenants run untrusted VMs. An attacker could rent a vulnerable instance and potentially crash the host, affecting all other VMs on the same physical machine.
Kim also highlighted that on distributions where the /dev/kvm device is world-writable, such as Red Hat Enterprise Linux (RHEL), this vulnerability could be exploited for local privilege escalation to root.
Researcher’s Recent Findings
Januscape is the third significant Linux kernel exploit disclosed by Kim in recent months. In May 2026, he revealed ‘Dirty Frag’ (CVE-2026-43284 / CVE-2026-43500), a vulnerability chain that allows deterministic root access on major distributions. In June, he published ‘ITScape’ (CVE-2026-46316), the first publicly demonstrated guest-to-host escape on KVM for ARM64 architectures.
These discoveries underscore the importance of continuous security research and prompt patching of identified vulnerabilities to maintain system integrity.
Mitigation and Recommendations
The vulnerability has been addressed with a one-line code addition to the kvm_mmu_get_child_sp() function, ensuring that shadow pages are only reused when both the frame number and role match. This patch was authored by KVM maintainer Paolo Bonzini.
Updated stable kernel versions containing the fix were released on July 4, 2026, including versions 7.1.3, 6.18.38, 6.12.95, 6.6.144, 6.1.177, 5.15.211, and 5.10.260. Administrators are advised to verify that their systems include commit 81ccda30b4e8. Distribution-specific backports may carry the fix under different version numbers, so consulting package changelogs is recommended.
For systems unable to apply the patch immediately, disabling nested virtualization (using kvm_intel.nested=0 or kvm_amd.nested=0) can mitigate the risk from untrusted guests. ARM64 hosts are not affected by Januscape but should be aware of the separate ‘ITScape’ vulnerability (CVE-2026-46316).
Given the availability of a public proof-of-concept that can reliably crash the host from a guest VM, it is imperative to treat exposed x86 KVM hosts with nested virtualization as high-priority for patching.
This incident highlights the critical need for regular security audits and timely updates in virtualization environments to prevent potential exploits that could compromise entire systems.