Januscape Linux kernel flaw enables VM escape
🛡️ A 16-year-old Linux kernel vulnerability called Januscape (CVE-2026-53359) allows guest-to-host escapes via a use-after-free in the KVM/x86 shadow MMU emulation. Discovered and detailed by researcher Hyunwoo Kim and patched in June 2026, it affects both Intel and AMD architectures and was used in Google's kvmCTF program. Unpatched multi-tenant hosts, especially with world-writable /dev/kvm, risk host takeover or denial-of-service.
