# Critical Linux Vulnerability Allows VM Escape and Host Takeover

*Published July 8, 2026*
*Source: [https://www.securityweek.com/linux-kernel-vulnerability-allows-vm-escape-on-intel-and-amd-systems/](https://www.securityweek.com/linux-kernel-vulnerability-allows-vm-escape-on-intel-and-amd-systems/)*

## Executive Summary

The Januscape vulnerability in the Linux kernel enables attackers to escape virtual machines and compromise host systems across Intel and AMD platforms. This critical flaw poses a significant risk to multi-tenant public clouds and has been patched after 16 years.

## Article

A recently identified vulnerability in the Linux kernel, named Januscape, poses a significant security risk by allowing virtual machines (VMs) to escape their confines and execute malicious code on the host system. This flaw, formally tracked as CVE-2026-53359, affects the shadow MMU code within the Linux Kernel-based Virtual Machine (KVM) hypervisor. It is particularly concerning for multi-tenant x86 public clouds that run untrusted guest systems and expose nested virtualization. Notably, Januscape is the first KVM exploit confirmed to work on both Intel and AMD architectures. Security researcher Hyunwoo Kim discovered this zero-day vulnerability and presented it during Google's kvmCTF bug bounty program. The vulnerability is identified as a use-after-free flaw, which allows an attacker to corrupt the shadow page state of the host kernel from the VM. Successfully exploiting Januscape could compromise the entire host system, enabling an attacker to cause a denial of service (DoS) by crashing the host kernel or executing remote code (RCE) with root privileges, thereby taking control of the host and all associated VMs. The flaw can be exploited by unprivileged users on certain Linux distributions like Red Hat Enterprise Linux to escalate their privileges to root. Exploiting Januscape requires root access on the guest VM, a privilege typically available by default on public cloud instances. Without direct root access, attackers might combine this vulnerability with other privilege escalation exploits, such as Dirty Frag. This vulnerability remained undiscovered in the Linux kernel for 16 years before being patched on June 19. This patch was implemented with commit 81ccda30b4e8.
