Google pays $250K for Linux vulnerability allowing guest VM escapes
13 hours ago
- #Linux Security
- #Cloud Threat
- #Virtualization Vulnerability
- A high-severity vulnerability in KVM (CVE-2026-53359) allows guest VMs to gain root access to the host, affecting Linux for 16 years.
- Named Januscape, it's a use-after-free flaw in shadow MMU emulation, enabling attackers on cloud platforms to compromise the host via guest-side actions alone.
- Researcher Hyunwoo Kim provided a PoC causing host crashes and confirmed a full escape exploit exists but won't be released soon.