Multiple outlets report that a newly disclosed Linux kernel vulnerability, dubbed “Januscape,” affects the KVM hypervisor used on Intel and AMD x86 systems. The flaw is described as a use-after-free bug in KVM components responsible for managing shadow memory (shadow MMU/page state). Because it can be triggered from within a guest virtual machine, an attacker may be able to manipulate the hypervisor’s memory state and escape the confines of the VM, potentially leading to corruption or arbitrary code execution on the underlying host kernel.
SecurityWeek and Bleeping Computer both describe the issue as allowing VM escape from guests to the host, noting that it is present on both Intel and AMD platforms. The Hacker News adds technical detail, stating the vulnerability is tracked as CVE-2026-53359 and that it is located in KVM’s shadow MMU code shared across the two CPU families. The Hacker News also notes that publicly available proof-of-concept code can cause a host panic, while the researcher indicates a separate, not-yet-released exploit may exist.
The reports collectively emphasize the risk of guest-to-host compromise when unpatched systems run KVM.