TWO high-severity Linux vulnerabilities, CVE-2026-53359 and CVE-2026-43499, have been reported this week.
The first vulnerability, named Januscape, affects KVM (Kernel-based Virtual Machine) on both AMD and Intel processors, allowing untrusted guest virtual machines to gain root access to the host. This flaw, a use-after-free vulnerability, was undiscovered for 16 years, enabling attackers to execute code at the host level. Google awarded $250,000 for its discovery.
The second vulnerability, GhostLock, allows limited rights users to escalate to root access, also a use-after-free issue that had remained for 15 years. This vulnerability has a severity rating of 7.8 and was discovered using Nebula Security's AI scanner. Google awarded $92,337 for its identification.
Both vulnerabilities have been patched in the Linux kernel, urging users to check for updates.