securityaffairs.com 7/7/2026, 7:41:18 AM · external

Key KVM Flaw CVE-2026-53359 Lets Guest VMs Hijack Host Memory

Key KVM Flaw CVE-2026-53359 Lets Guest VMs Hijack Host Memory
Developing story vulnerability 3 articles tracked
Januscape KVM hypervisor escape vulnerability (CVE-2026-53359)
CyberSIXT Evidence Panel
Primary Source github.com
CISA KEV Not in KEV
Patch Patch Status Unknown

THE article discusses a critical vulnerability named Januscape (CVE-2026-53359) in the Linux KVM hypervisor, which has existed for 16 years and affects both Intel and AMD systems. This use-after-free vulnerability enables attackers within a guest VM to corrupt the host kernel's memory, risking guest-host isolation in public cloud environments. Security researcher Hyunwoo Kim disclosed the issue, which he successfully exploited as a zero-day in Google’s kvmCTF program.

The bug's exploitation requires root access within the guest VM and exposed nested virtualization. A one-line fix was issued on July 4, 2026, and it is imperative for users running x86 KVM hosts with multi-tenant guests to ensure they apply this patch to avoid potential attacks.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline