Linux KVM shadow MMU use-after-free security flaw (CVE-2026-53359)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2026-53359 is a Linux KVM shadow MMU use-after-free that a guest VM can trigger to corrupt host kernel shadow-page state, creating host panic and potential code execution risk. The flaw affects x86 KVM hosts with nested virtualization, and the vulnerable code has existed since August 2010. A fix is available in mainline and stable kernels, including the commit merged on June 19, 2026 and stable releases shipped on July 4, 2026. Administrators who cannot patch immediately can disable nested virtualization to block the attack path for untrusted guests.
Timeline
-
06.07.2026 20:37 1 articles · 3d ago
Kernel fix closes KVM shadow MMU use-after-free
Mitigation Patch UpdateCommit 81ccda30b4e8 merged into mainline on June 19, 2026, fixing the KVM shadow MMU use-after-free by checking role.word alongside gfn in kvm_mmu_get_child_sp().
Show sources
- 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems — thehackernews.com — 06.07.2026 20:37
-
06.07.2026 20:37 1 articles · 3d ago
Stable kernels ship the KVM shadow MMU fix
Mitigation Patch UpdateFixed stable kernels shipped on July 4, 2026 with the KVM shadow MMU correction in 7.1.3, 6.18.38, 6.12.95, 6.6.144, 6.1.177, 5.15.211, and 5.10.260.
Show sources
- 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems — thehackernews.com — 06.07.2026 20:37
-
06.07.2026 20:37 1 articles · 3d ago
Hyunwoo Kim discloses Januscape guest-to-host KVM flaw
Initial DisclosureHyunwoo Kim disclosed Januscape (CVE-2026-53359), a Linux KVM shadow MMU use-after-free that a guest VM can trigger on Intel and AMD x86 systems to corrupt host kernel state. The public proof-of-concept panics the host, Kim said a separate unreleased exploit can reach full host code execution, and the bug was used as a zero-day submission in Google's kvmCTF.
Show sources
- 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems — thehackernews.com — 06.07.2026 20:37