Hasty Briefsbeta

Bilingual

Google pays $250K for Linux vulnerability allowing guest VM escapes

13 hours ago
  • #Linux Security
  • #Cloud Threat
  • #Virtualization Vulnerability
  • A high-severity vulnerability in KVM (CVE-2026-53359) allows guest VMs to gain root access to the host, affecting Linux for 16 years.
  • Named Januscape, it's a use-after-free flaw in shadow MMU emulation, enabling attackers on cloud platforms to compromise the host via guest-side actions alone.
  • Researcher Hyunwoo Kim provided a PoC causing host crashes and confirmed a full escape exploit exists but won't be released soon.