A single mismatched flag deep inside how KVM tracks guest memory turned into a full virtual-machine escape. CVE-2026-53359 — nicknamed “Januscape” — is a use-after-free in the Linux kernel’s x86 shadow memory-management unit (MMU) that lets code running inside a guest VM reach out and corrupt memory on the host that runs it. It affects both Intel and AMD hosts, and the vulnerable code had been sitting in the kernel, unnoticed, for roughly 16 years.
If you run virtual machines on Linux — a hypervisor host, a cloud compute node, or a workstation running nested VMs — this is a patch-now issue. Here is a plain-English breakdown of what it is, whether you are exposed, and exactly which kernels contain the fix.
The short version
- What: A use-after-free in KVM’s x86 shadow MMU (
arch/x86/kvm/mmu/mmu.c). - Impact: Guest-to-host VM escape — a malicious or compromised guest can corrupt host memory and potentially execute code on the host. On some distributions it can also be used for local privilege escalation.
- Who is affected: Intel and AMD x86 hosts running KVM where nested virtualization is available. The bug is triggerable from inside a guest.
- Age: The flawed code was introduced around August 2010 and stayed latent until June 2026 — about 16 years.
- Status: Patched upstream on 19 June 2026 (mainline commit
81ccda30b4e8, released in 7.2-rc1). It was demonstrated as a zero-day during Google’s KVMCTF bug-bounty program. - Severity: Rated High by distributions. NVD had not published a numeric CVSS score at the time of writing.
- It is two CVEs, not one: the complete fix also requires a companion patch for CVE-2026-46113 in the same code. A kernel carrying only the CVE-2026-53359 commit is still exploitable — see “Januscape is actually two bugs” below.
What actually goes wrong
To virtualize memory, KVM builds “shadow” page tables that mirror what the guest thinks its memory map looks like. Each shadow page carries a role that records how it is being used — including whether it is a direct mapping (direct=1) or an indirect one (direct=0).
The bug is that when KVM looks up or allocates a child shadow page, it did not compare that role before reusing an existing page. So a guest can arrange for a page-directory entry that once described a direct leaf mapping to be reinterpreted as pointing at a non-leaf page (direct=1 vs direct=0). The reverse-mapping (“rmap”) bookkeeping that KVM keeps for that page is now wrong.
The dangerous consequence: those stale rmap entries can survive a memslot deletion. Once the underlying shadow page is freed, the leftover references still point into that freed memory — a classic use-after-free. A guest that drives this deliberately can steer the freed-and-reused memory to corrupt host state, which is the foundation for a VM escape. The two-faced “same page, two contradictory roles” behaviour is what earned it the name Januscape, after Janus, the two-faced Roman god.
Are you exposed?
The exposure condition is straightforward: an x86 KVM host (Intel or AMD) where nested virtualization is enabled. A hostile guest is the attacker. If you run untrusted or multi-tenant guests, treat this as urgent.
Check your kernel version:
uname -r
Compare it against the fixed versions in the table below.
Check whether nested virtualization is on:
# Intel hosts
cat /sys/module/kvm_intel/parameters/nested
# AMD hosts
cat /sys/module/kvm_amd/parameters/nested
A value of Y or 1 means nested virtualization is enabled and the host is in the vulnerable configuration until patched.
Solution 1 — Patch the kernel (the real fix)
Updating to a fixed kernel and rebooting is the durable remediation. On most systems that is simply:
# Debian / Ubuntu
sudo apt update && sudo apt upgrade
sudo reboot
# RHEL / Fedora / Alma / Rocky
sudo dnf upgrade kernel
sudo reboot
# openSUSE
sudo zypper patch
sudo reboot
A reboot into the new kernel is required — a running host keeps executing the vulnerable code until it boots the patched kernel (unless you apply a live-patch, where your vendor offers one).
Kernels that contain the fix
The fix landed in mainline and was backported to the maintained stable series. You are safe if you are running at or above the version listed for your series:
| Kernel series | First fixed version |
|---|---|
| Mainline | 7.2-rc1 (commit 81ccda30b4e8) |
| 7.1.x | 7.1.3 |
| 6.18.x (LTS) | 6.18.38 |
| 6.12.x (LTS) | 6.12.95 |
| 6.6.x (LTS) | 6.6.144 |
| 6.1.x (LTS) | 6.1.177 |
Distribution packages carry their own version numbers — match against your distro’s advisory rather than the upstream number:
- Debian:
linux6.12.95-1 (trixie) and 7.1.3-1 (sid). - Ubuntu: tracked as High priority across all supported releases; install the latest
linux-imagefor your release and confirm status on Ubuntu’s CVE page. Because HWE and cloud kernels (aws, azure, gcp, oracle, raspi…) ship separately, update whichever variant your host runs. - RHEL / Alma / Rocky / Fedora and Amazon Linux: pull the newest kernel from your vendor’s errata and reboot.
Stable-series fix numbers are the versions in which the backport first appeared; any later release in the same series also contains the fix. Always cross-check your distribution’s own security advisory for the exact package build, since backport version numbers differ from upstream.
Important: Januscape is actually two bugs — patch both
Do not verify your remediation by CVE-2026-53359 alone. The complete upstream fix is two commits closing two CVEs in the same corner of the KVM code:
- CVE-2026-53359 — commit
81ccda30b4e8 - CVE-2026-46113 — commit
0cb2af2ea66a(a closely related flaw in the same path)
A kernel that carries only the first commit is still exploitable through the second. Because most people check remediation by looking up a single CVE ID, it is easy to see “CVE-2026-53359 — fixed,” tick the box, and remain vulnerable. When you install a vendor or mainline kernel, confirm both CVEs are addressed — not just the headline one. The upstream stable releases in the table above include both fixes; for distribution kernels, check that the changelog references both CVE IDs.
Solution 2 — Interim mitigation: disable nested virtualization
If you cannot patch and reboot immediately, and you do not rely on nested virtualization, disabling it removes the trigger condition and closes the attack surface. Do this only after confirming no guest depends on it — disabling it will break any VM that runs its own hypervisor inside.
Disable it persistently and reload the KVM module (or reboot):
# Intel
echo "options kvm_intel nested=0" | sudo tee /etc/modprobe.d/kvm-no-nested.conf
# AMD
echo "options kvm_amd nested=0" | sudo tee /etc/modprobe.d/kvm-no-nested.conf
# Apply (no running VMs must be using the module), then verify:
sudo modprobe -r kvm_intel && sudo modprobe kvm_intel # or kvm_amd
cat /sys/module/kvm_intel/parameters/nested # expect: N
On a busy hypervisor you usually cannot unload the module while guests are running, so this typically takes a reboot to take effect. Before making a fleet-wide change, check which VMs actually use nested virtualization (KVM exposes nested_run counters per vCPU) so you do not silently break a workload that depends on it.
Solution 3 — Reduce blast radius
- Do not run untrusted guests on unpatched hosts. The attacker in this scenario is the guest itself.
- Prioritize multi-tenant and shared hosts. Anywhere you run workloads you do not fully control, patch first.
- Live-migrate where you can. If your platform supports it, evacuate guests off an unpatched node, patch it, and migrate back — no guest downtime.
- Keep nested virtualization off by default on hosts that have no need for it, even after patching. It is a large attack surface you can simply not expose.
Timeline
- Aug 2010: The flawed shadow-MMU code is introduced (commit
2032a93d66fa). - Jun 2026: Demonstrated as a working zero-day guest escape during Google’s KVMCTF.
- 19 Jun 2026: Fixed in mainline (commit
81ccda30b4e8), then backported to the stable series above.
Key takeaways
- CVE-2026-53359 / Januscape is a KVM shadow-MMU use-after-free that enables guest-to-host VM escape on Intel and AMD x86 hosts.
- You are exposed if you run an unpatched KVM host with nested virtualization enabled and any untrusted guests.
- Patch and reboot to a fixed kernel — 6.1.177, 6.6.144, 6.12.95, 6.18.38, 7.1.3, or 7.2-rc1 and later — or the matching build from your distribution.
- Confirm both patches: Januscape spans two CVEs (CVE-2026-53359 and CVE-2026-46113). Verifying only the first can leave you exposed — check for both.
- If you cannot patch yet, disable nested virtualization as an interim mitigation, after confirming nothing depends on it.
- Treat multi-tenant and shared hypervisors as the top priority.
Check uname -r against the table above, and if your kernel is older than the fix for its series, schedule that reboot.

Leave a Reply