
A Linux vulnerability that permits untrusted digital machines to achieve root entry to host machines is one in every of two high-severity flaws to floor this week within the open supply working system.
The vulnerability resides in KVM, which is, in essence, a digital machine app included within the kernel of many Linux distributions. The vulnerability, tracked as CVE-2026-53359, permits visitor digital machines—resembling these utilized in cloud platforms to isolate one consumer’s occasion from the host OS and different consumer situations—to interrupt out of that container.
Januscape: A menace to cloud platforms
The vulnerability impacts KVM operating on each AMD and Intel processors. It exploits bugs residing within the KVM guest-side, the portion of the VM that consists of solely sources just like the OS or drivers current within the visitor VM, reasonably than sources current on the host machine. The menace went unnoticed within the Linux kernel for 16 years.









