16-Year-Old KVM Flaw Allows VM Escape on Intel and AMD

github.com · ⭐️ 9/10 · 2026-07-07

Researchers disclosed Januscape (CVE-2026-53359), a use-after-free vulnerability in KVM's shadow MMU that allows a guest VM to escape to the host on both Intel and AMD platforms. The bug has existed in the Linux kernel for approximately 16 years, from 2010 to June 2026. This is the first publicly known guest-to-host escape exploit that works on both Intel VMX and AMD SVM, making it a critical threat to multi-tenant cloud environments using KVM. The vulnerability was used as a 0-day in Google's kvmCTF and could compromise isolation boundaries of cloud providers. The flaw resides in the function kvm_mmu_get_child_sp() within the shadow MMU code shared by both Intel and AMD x86 KVM implementations. PoC code has been released that triggers host kernel panic from a guest, and on RHEL-like distributions, a local unprivileged user can also escalate to root.

Background

KVM (Kernel-based Virtual Machine) is a Linux kernel module that allows the host to run multiple virtual machines. The shadow MMU is a component of KVM that manages guest page tables by shadowing them with host physical addresses, a technique used when hardware-assisted nested paging is unavailable or disabled. A use-after-free bug occurs when memory is freed but still referenced, leading to potential corruption or exploitation.

References

Read original