Januscape: A 16-Year-Old KVM Escape Vulnerability Threatens Cloud Security

Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359]

112Imustaskforhelp💬 37
Januscape: A 16-Year-Old KVM Escape Vulnerability Threatens Cloud Security

I discovered Januscape, a critical use-after-free vulnerability in KVM/x86 that allows guest-to-host escapes on both Intel and AMD. This flaw, dormant for 16 years, was weaponized as a 0-day in the Google kvmCTF and threatens multi-tenant clouds like GCP and AWS. While a Proof of Concept can trigger host panics, the full exploit remains unreleased to encourage patching.

"On distributions like RHEL, /dev/kvm is world-writable, so an unprivileged user could also turn this vulnerability into a reliable LPE to root. That said, doing so would be like paying gold for garbage."