Jul 8, 2026·5 min read·13 visits
A 16-year-old logic flaw in KVM's Shadow MMU allows a virtual machine guest administrator to bypass hypervisor isolation, causing a guest-to-host escape, local privilege escalation, or host denial of service.
Januscape (CVE-2026-53359) is a critical Use-After-Free vulnerability in the x86 Shadow MMU component of the Linux Kernel's KVM subsystem. A logic error in shadow page tracking permits unauthorized page reuse without validating architectural execution roles, leading to dangling pointers in reverse mapping (rmap) tracking entries during guest memory teardown.
The Januscape vulnerability, tracked as CVE-2026-53359, is a security-critical Use-After-Free (UAF) flaw located in the x86 Shadow Memory Management Unit (MMU) emulation of the Linux Kernel's KVM (Kernel-based Virtual Machine) subsystem.
KVM uses the Shadow MMU to translate guest physical addresses to host physical addresses when hardware-assisted paging is unavailable or when nested virtualization is active on the host processor.
This vulnerability allows an attacker with root administrative privileges on a guest virtual machine to bypass hypervisor isolation boundaries and escape to the host.
This security flaw remained undetected in the Linux kernel codebase for approximately sixteen years, impacting a broad range of legacy and modern kernel deployments.
The root cause of CVE-2026-53359 resides in a logic error within KVM's shadow page tracking and reuse routine.
Every shadow page table is tracked via a struct kvm_mmu_page structure, which has an associated architectural execution role defined by union kvm_mmu_page_role.
During translation mapping updates, the helper function kvm_mmu_get_child_sp retrieves a cached shadow page from the hash table but fails to validate whether the page execution role matches the newly requested role.
When a guest page table transitions from mapping a 2MB huge page (direct mapping) to a standard 4KB page directory, the kernel reuses the existing shadow page structure despite the mismatch in the direct translation properties.
This mismatch causes the helper function kvm_mmu_page_get_gfn to calculate incorrect Guest Frame Numbers (GFNs) during page zapping operations.
Because of the incorrect GFN values, KVM fails to find and remove the corresponding reverse mapping (rmap) entries during teardown.
When the associated guest memory slot (memslot) is subsequently deleted, the shadow page is deallocated, but the un-cleared rmap entry persists as a dangling pointer pointing to the freed memory area.
An analysis of the vulnerable codebase shows that the flaw lies in the lookup loop of the kvm_mmu_get_child_sp function.
In vulnerable kernel versions, the lookup is restricted solely to verifying the GFN matching and the validity status of the page:
/* Vulnerable lookup routine in arch/x86/kvm/mmu/mmu.c */
hlist_for_each_entry(sp, &vcpu->kvm->arch.mmu_page_hash[kvm_page_table_hashfn(gfn)], hash_link) {
if (sp->gfn == gfn && !sp->role.invalid) {
return sp;
}
}The official upstream fix modifies this block to enforce strict equivalence of the architectural execution roles before a shadow page can be safely reused:
/* Patched lookup routine in arch/x86/kvm/mmu/mmu.c */
hlist_for_each_entry(sp, &vcpu->kvm->arch.mmu_page_hash[kvm_page_table_hashfn(gfn)], hash_link) {
/* Verify the whole role word structure matches the target configuration */
if (sp->gfn == gfn && sp->role.word == role.word && !sp->role.invalid) {
return sp;
}
}Enforcing the sp->role.word == role.word comparison guarantees that a page initialized for a direct translation layout is never reused for indirect multi-level page tables, eliminating the rmap reference tracking corruption.
The exploitation path requires the attacker to execute code as an administrator inside the guest virtual machine and establish a nested page table environment.
The attacker creates a concurrent execution layout where a dedicated thread rapidly modifies page directory entries between huge pages and standard page directories, while parallel threads invoke continuous guest page faults on the target memory area.
This parallel execution induces a race condition, forcing the hypervisor to execute the vulnerable kvm_mmu_get_child_sp lookup and retrieve a mismatched shadow page structure.
Following the memslot deletion, the hypervisor frees the target physical page, but the corresponding rmap tracking pointer remains in memory.
By executing a routine that walks the rmap chain, such as memory dirty logging or page validation, the kernel dereferences the stale pointer, allowing the attacker to hijack host execution flow.
The primary impact of CVE-2026-53359 is a virtual machine escape, resulting in a complete compromise of the virtualization host's security perimeter.
In public cloud and multi-tenant virtualization systems, this escape allows a malicious tenant to compromise neighboring guest environments, access confidential data, and bypass hardware-enforced isolation.
On systems configured with world-writable access to the /dev/kvm interface, the flaw can be leveraged by a local, unprivileged user to escalate privileges directly to root on the physical host.
If host-level exploit mitigation techniques restrict control flow redirection, triggering the Use-After-Free condition results in a host kernel panic and immediate Denial of Service (DoS).
Remediation of CVE-2026-53359 requires updating host operating systems to patched stable versions of the Linux Kernel.
Administrators should deploy kernel updates that include commit 81ccda30b4e8, which is backported to supported long-term stable branches.
For systems where kernel updates cannot be immediately applied, nested virtualization should be disabled by configuring KVM module options to prevent the exploitation path.
Additionally, restricting file permissions on the /dev/kvm device node to trusted system administrative groups prevents local unprivileged users from initiating KVM instances and attempting privilege escalation.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H| Product | Affected Versions | Fixed Version |
|---|---|---|
Linux Kernel Linux | >= 2.6.36, < 6.1.177 | 6.1.177 |
Linux Kernel Linux | >= 6.2, < 6.6.144 | 6.6.144 |
Linux Kernel Linux | >= 6.7, < 6.12.95 | 6.12.95 |
Linux Kernel Linux | >= 6.13, < 6.18.38 | 6.18.38 |
Linux Kernel Linux | >= 6.19, < 7.1.3 | 7.1.3 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-416 (Use-After-Free) |
| Attack Vector | Local / Guest VM Control |
| CVSS v3.1 Score | 8.8 |
| EPSS Score | 0.00176 |
| Impact | Guest-to-Host Escape / Local Privilege Escalation |
| Exploit Status | Proof-of-Concept / Weaponized (kvmCTF) |
| CISA KEV Status | Not Listed |
The product references memory after it has been freed, which can lead to a crash, unexpected behavior, or execution of arbitrary code.
CVE-2026-48282 is a critical unauthenticated path traversal and arbitrary file write vulnerability in the Remote Development Services (RDS) component of Adobe ColdFusion. The vulnerability allows a remote, unauthenticated attacker to bypass directory boundaries and write arbitrary files, including CFML-based web shells, onto the host server. This flaw is actively exploited in the wild and enables full unauthenticated remote code execution under the privileges of the ColdFusion service account.
An information disclosure vulnerability exists in the web-auth/webauthn-lib PHP library when using the default SimpleFakeCredentialGenerator without a configured secret. This allows unauthenticated remote attackers to determine if a username exists on the target application.
A Stored and Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Rust web service library 'rama' prior to version 0.3.0-rc.1. When serving directories using DirectoryServeMode::HtmlFileList, the library improperly escapes directory names, filenames, and request path components before injecting them into dynamically generated HTML files. This allows attackers to execute malicious scripts inside user browser sessions.
The ha-mcp add-on for Home Assistant exposes its settings and security policy routes without authentication at the bare root path of TCP port 9583. This exposure allows unauthorized adjacent network clients to reconfigure tools, alter policies, and bypass human-in-the-loop approval gates. The vulnerability has been addressed in development build 7.6.0.dev393 and subsequent releases by restricting access to root-mounted routes exclusively to the Supervisor Ingress IP.
An authentication freshness bypass vulnerability exists in the WebAuthn re-authentication path of Flask-Security-Too versions 5.8.0 and 5.8.1. The flaw allows an authenticated attacker to elevate the freshness status of a victim session using their own WebAuthn credential, bypassing re-authentication constraints.
A Server-Side Request Forgery (SSRF) vulnerability exists in Weblate's private address validator when the VCS_RESTRICT_PRIVATE setting is enabled. By exploiting IPv6 transition mechanisms, such as NAT64, 6to4, or IPv4-compatible configurations, an attacker can bypass private network boundaries and access internal services.