Januscape: Guest-to-Host Escape in KVM/x86 (CVE-2026-53359)
A critical vulnerability in KVM/x86, dubbed Januscape (CVE-2026-53359), allows a guest VM to escape to the host on both Intel and AMD architectures. Discovered and reported by Hyunwoo Kim (@v4bel), it's the first guest-to-host exploit that works across both CPU families. The bug is a use-after-free in the shadow MMU emulation, triggered solely from guest actions.
Impact and Scope
Two impacts: KVM escape and local privilege escalation (LPE). An attacker with guest root can crash the host (DoS) or execute arbitrary code on the host (RCE), compromising all other VMs on the same physical machine. On distributions like RHEL, where /dev/kvm is world-writable (0666), an unprivileged user can exploit the same bug for LPE to root.
The vulnerability was successfully used as a 0-day in Google's kvmCTF competition. The PoC triggers a host kernel panic within seconds to minutes.
Affected Versions
The bug was introduced in commit 2032a93d66fa (2010-08-01) and fixed in commit 81ccda30b4e8 (2026-06-16). That's nearly 16 years of exposure. Any KVM/x86 host running a kernel in that range and supporting nested virtualization is vulnerable.
Technical Details
The vulnerability resides in the shadow MMU emulation. When a guest triggers a specific sequence, a use-after-free corrupts the host kernel's shadow page table. The PoC module, once loaded inside the guest, races to trigger the bug. On Intel, load with sudo rmmod kvm_intel; sudo insmod poc.ko; on AMD, add amd=1. The race ends with a kernel BUG at arch/x86/kvm/mmu/mmu.c in pte_list_remove.
Unlike typical QEMU escapes, Januscape occurs in the in-kernel KVM, so it affects even cloud providers that use custom virtualization stacks. The exploit requires guest root (which tenants usually have) and nested virtualization support.
Mitigation and Next Steps
Apply the patch (commit 81ccda30b4e8) to the host kernel immediately. If you operate a multi-tenant x86 KVM host with nested virtualization, prioritize this. Arm64 hosts are not affected by Januscape, but if you haven't patched ITScape (CVE-2026-46316), do that too.
For users: check if your cloud provider has patched. For operators: patch now. The PoC is public, and a full escape exploit exists (though not yet released).


