A newly disclosed Linux KVM use-after-free flaw can let a guest virtual machine corrupt host kernel memory, with a public proof of concept causing host panics and a withheld exploit said to reach host code execution. The bug, tracked as CVE-2026-53359 and known as Januscape, affects x86 systems with nested virtualization enabled.
KEY FACTS
- Bug A use-after-free in KVM shadow MMU code can be triggered from inside a guest VM.
- Scope The flaw has existed since 2010 and affects both Intel and AMD x86 systems.
- Impact The public demo crashes the host, while a separate exploit path is said to enable host code execution.
- Condition The attack needs guest root access and nested virtualization on the host.
The researcher's disclosure says the bug sits in KVM's shadow MMU code, where pages were reused based on memory address alone instead of matching both the guest frame number and the page role. That mix-up could leave KVM with inconsistent records of guest memory.
Most often, the kernel detects the corruption and panics to avoid further damage. In the public proof of concept, that means a guest VM can take down the host and every other VM on the same machine.
The report says the code path has been present since 2010 and was fixed in a patch merged into mainline on June 19, 2026. It also says fixed stable releases shipped on July 4, 2026, including 7.1.3, 6.18.38, 6.12.95, 6.6.144, 6.1.177, 5.15.211 and 5.10.260.
Nested virtualization is the key requirement on the host side. The article says disabling nested virtualization with kvm_intel.nested=0 or kvm_amd.nested=0 removes the attack path for untrusted guests until a kernel update is applied.
Distribution status varies, and the article says vendors may backport the fix under different version numbers. It notes that NVD had not yet assigned a CVSS score at the time of writing.
WHY IT MATTERS
The flaw affects hosts that run untrusted guests with nested virtualization, which can put multiple tenants at risk on the same physical machine. Administrators are advised to verify the patched commit or vendor backport rather than relying only on kernel version numbers.

