A vulnerability that has sat unnoticed in the Linux kernel's Kernel-based Virtual Machine (KVM) since 2010 puts cloud systems worldwide at risk. It allows an attacker to break out of a virtual machine and take control of the underlying host system. Intel and AMD based systems are affected, Arm64 platforms are not.
What makes the flaw so dangerous
The bug was found by security researcher Hyunwoo Kim, known online as V4bel, who documented it on GitHub. The flaw, tracked as CVE-2026-53359 and nicknamed "Januscape," is a use-after-free bug in KVM/x86's shadow MMU, the component responsible for translating memory addresses. According to Kim, exploiting it requires nothing more than root access on any guest system.
The bug can be triggered purely through actions inside the guest, corrupting the host kernel's shadow page and breaking the isolation between guest and host. That's especially critical for cloud providers like Google or AWS, where VMs belonging to different customers run on the same hardware. An attacker controlling just a single rented instance could crash the host kernel and take down every other guest VM on the same machine, or in the worst case execute code with root privileges on the host and take over the entire environment.
Exploit only partially released so far
Kim has already published an exploit, but it only crashes the host system rather than achieving a full breakout. He says he's holding back an exploit for a complete VM escape for security reasons, planning to release it only "in the very distant future." Given how much vulnerability research is now assisted by AI, it's not out of the question that other actors could develop a full exploit independently, especially since Kim has already published extensive technical details.
A kernel patch has been available since June 16, 2026, meaning the flaw sat in the code for roughly 16 years. According to vendor advisories, many versions of common distributions like Debian, Ubuntu, SUSE, and Red Hat still lack the fix, and in some cases it's not even fully clear which versions are affected. If you run cloud or virtualization infrastructure, it's worth checking your distributor's security advisories and applying the patch as soon as it's available.