
Januscape Flaw in Linux KVM’s MMU Code Enables VM Escape on Intel and AMD
A newly disclosed Linux kernel vulnerability, CVE-2026-53359, dubbed Januscape, has exposed a critical weakness in the Linux Kernel-based Virtual Machine (KVM) hypervisor. The flaw resides in the shadow MMU code and allows attackers to escape a virtual machine (VM), compromise the underlying host, and potentially execute arbitrary code.
Security researchers warn that the issue poses a serious risk to multi-tenant x86 public cloud environments running untrusted guests with nested virtualization enabled.
Januscape Flaw Affects KVM Shadow MMU Code
Discovered by security researcher Hyunwoo Kim (@v4bel), CVE-2026-53359 is described as a use-after-free vulnerability in the KVM/x86 shadow ...