Januscape: Guest-to-Host Escape in KVM/x86
Januscape (CVE-2026-53359) is a guest-to-host vulnerability that exploits a use-after-free in the shadow MMU emulation of KVM/x86. Guest-side actions alone can trigger the bug and corrupt the shadow page state of the host kernel that runs the guest. Because the vulnerability lives in the shadow MMU code that x86 KVM shares between both Intel (VMX) and AMD (SVM), it is not limited to a single architecture, and to the best of public knowledge, this is the first guest-to-host exploit research triggerable on both Intel and AMD. It threatens the guest-host isolation of multi-tenant x86 public clouds (GCP, AWS, etc.) that accept untrusted guests and expose nested virtualization. In fact, this vulnerability was used as a 0-day in Google kvmCTF.
SirHaxalot@nord.pub 3 days ago
At least it sounds like a full escape is not trivial still