16-year-old KVM flaw allows attackers to escape VMs and take over Linux servers

Summary

A critical 16-year-old vulnerability (CVE-2026-53359), nicknamed Januscape, has been discovered in the Linux KVM module. This flaw allows an attacker with root access within a virtual machine to escape to the host system and execute arbitrary code, potentially impacting all other tenants on the same physical machine.

IFF Assessment

FOE

This vulnerability allows attackers to compromise host systems and take control of virtual machines, posing a significant threat to defenders.

Severity

9.3 Critical

The vulnerability allows for guest-to-host escape and remote code execution with root privileges, indicating a critical impact. The widespread use of KVM and the long presence of the flaw suggest a high exploitability, particularly on multi-tenant cloud infrastructure.

CISA KEV: Listed as actively exploited. Federal patch due: May 16, 2022. Known ransomware use: Unknown.

Defender Context

Defenders must prioritize patching Linux systems utilizing KVM, especially in cloud environments and multi-tenant setups. This vulnerability highlights the ongoing risk of guest-to-host escapes and the importance of timely updates for critical virtualization infrastructure.

Read Full Story →