BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

New Linux KVM Bug Lets Guest Crash Host

Severe 'Januscape' KVM hypervisor bug lets guest VM crash or control host server.

  • A critical vulnerability dubbed ‘Januscape‘ (CVE-2026-53359) allows a guest virtual machine to panic or potentially execute code on the host KVM hypervisor.
  • The flaw is a use-after-free bug in Linux’s KVM shadow MMU code, present since 2010 and exploitable on both Intel and AMD x86 processors.
  • The bug requires the guest to have root access and for nested virtualization to be enabled on the host, a common scenario in multi-tenant cloud environments.
  • Security researcher Hyunwoo Kim (@v4bel) found the flaw, which has been patched in stable kernel versions as of July 4, 2026.

Security researcher Hyunwoo Kim (@v4bel) has disclosed a severe vulnerability in the Linux KVM hypervisor that allows a malicious virtual machine guest to crash or potentially take full control of the host server. Dubbed ‘Januscape‘, this 16-year-old bug exploits a use-after-free condition in the shadow MMU code shared by Intel and AMD platforms. Kim described it as the first publicly known guest-to-host exploit triggerable on both major x86 vendors.

- Advertisement -

The flaw stems from KVM incorrectly reusing shadow page table tracking pages. Consequently, this mismanagement corrupts the hypervisor’s internal memory state. The public proof-of-concept reliably crashes the host kernel, causing a denial-of-service for all other VMs on the same physical machine.

However, Kim claims a separate, unreleased exploit chain can turn the same bug into full host code execution. This attack path requires no cooperation from userspace software like QEMU. It is purely an in-kernel vulnerability within KVM itself.

According to Kim, the exploit was submitted to Google’s kvmCTF bug bounty program. Januscape is his third major Linux kernel exploit disclosure in recent months, following Dirty Frag and ITScape for ARM64. The practical impact is significant for any x86 cloud host running untrusted guests with nested virtualization enabled.

A one-line patch from KVM maintainer Paolo Bonzini fixes the issue by ensuring page reuse checks both the address and role. Meanwhile, administrators who cannot patch immediately should disable nested virtualization on their hosts. Stable kernels containing the fix began shipping on July 4, 2026.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Microsoft lays off 1,600, refocuses Xbox on AI

Microsoft is laying off approximately 1,600 Xbox employees immediately and eliminating another 1,250 roles...

China-linked hackers target Indian taxpayers via tax phishing

A suspected China-nexus cyber campaign named Operation DragonReturn is targeting Indian taxpayers and financial...

Alphabet Launches Two New AI Models, Eyes Stock Boost

Alphabet launches two new AI models, Nano Banana 2 Lite and Gemini Omni Flash,...

Nvidia’s Kyber AI rack delayed to 2028: report

NVIDIA's next-generation Kyber server rack, designed for Rubin Ultra chips, is delayed to 2028...

TrojPix Air-Gap Attack Uses Monitor Cables

Researchers at Shandong University have demonstrated a new covert data exfiltration technique called TrojPix.The...

Must Read

Best Metaverse Tokens to Buy on Binance for 10X Gains

Ever since Facebook renamed their company to Meta, as well as their plans to build a metaverse where we can travel into using Virtual...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading