arstechnica.com 7/8/2026, 7:31:24 PM · external

Linux flaws Januscape and GhostLock let users escalate to root

Linux flaws Januscape and GhostLock let users escalate to root
Developing story vulnerability 7 articles tracked
Linux kernel flaws GhostLock and Januscape allow VM escape and root access
CyberSIXT Evidence Panel
Primary Source nebusec.ai
CISA KEV Not in KEV
Patch Patch Status Unknown

TWO high-severity Linux vulnerabilities, CVE-2026-53359 and CVE-2026-43499, have been reported this week.

The first vulnerability, named Januscape, affects KVM (Kernel-based Virtual Machine) on both AMD and Intel processors, allowing untrusted guest virtual machines to gain root access to the host. This flaw, a use-after-free vulnerability, was undiscovered for 16 years, enabling attackers to execute code at the host level. Google awarded $250,000 for its discovery.

The second vulnerability, GhostLock, allows limited rights users to escalate to root access, also a use-after-free issue that had remained for 15 years. This vulnerability has a severity rating of 7.8 and was discovered using Nebula Security's AI scanner. Google awarded $92,337 for its identification.

Both vulnerabilities have been patched in the Linux kernel, urging users to check for updates.

View Primary Source Via arstechnica.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline