Skip to content

OSG-SEC-2026-07-07 Linux Kernel KVM Guest-to-Host Escape Vulnerability (CVE-2026-53359)

Dear OSG Security Contacts,

A Linux kernel vulnerability has been identified in the Kernel-based Virtual Machine (KVM) x86 shadow paging mechanism (CVE-2026-53359). The vulnerability allows a malicious guest virtual machine to corrupt host kernel memory, potentially resulting in a guest-to-host escape, denial of service, or arbitrary code execution on affected systems. Because the flaw affects KVM virtualization hosts, systems that provide virtual machine environments may be impacted.

WHAT ARE THE VULNERABILITIES:

The vulnerability is caused by a use-after-free condition in the Linux kernel's KVM x86 shadow paging mechanism. Under specific conditions, memory associated with shadow page tables may be reused after it has been released, resulting in kernel memory corruption.

The publicly available proof-of-concept demonstrates that a guest virtual machine with sufficient privileges can trigger a denial-of-service condition on the host. The researcher has also stated that a guest-to-host code execution exploit exists, although that capability has not been publicly released. Exploitation requires specific virtualization configurations, including KVM on x86 systems with nested virtualization

IMPACTED VERSIONS:

The vulnerability affects KVM on x86 systems running kernel versions that include the vulnerable shadow paging code. The following Red Hat Enterprise Linux releases are affected: - Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Red Hat Enterprise Linux 10

Ubuntu, Debian, Rocky Linux, AlmaLinux, SUSE, and other Linux distributions may also be affected depending on the kernel package version and vendor backports. Administrators should consult their respective Linux distribution vendor to determine whether installed kernel packages are affected and whether security updates are available.

WHAT YOU SHOULD DO:

Apply vendor-provided kernel updates addressing CVE-2026-53359 when they become available. A system reboot is required after installing the updated kernel for the changes to take effect.
Systems running KVM on x86 should be reviewed to determine whether they are affected and whether nested virtualization is enabled.
If patching cannot be completed immediately, administrators should consider disabling nested virtualization on KVM hosts where it is not operationally required. This reduces exposure to the publicly demonstrated attack path while allowing virtualization services to continue operating.
If nested virtualization is required for production workloads, administrators should closely monitor vendor advisories and apply updated kernel packages as soon as they become available.
Continue to monitor your Linux distribution vendor for additional security advisories and updated kernel packages.

REFERENCES

[1] https://www.cve.org/CVERecord?id=CVE-2026-53359
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-53359
[3] https://access.redhat.com/security/cve/cve-2026-53359
[4] https://github.com/V4bel/Januscape
[5] https://security-tracker.debian.org/tracker/CVE-2026-53359
[6] https://ubuntu.com/security/CVE-2026-53359
[7] https://blog.cloudlinux.com/januscape-cve-2026-53359-mitigation-and-kernel-update-on-cloudlinux/

Please contact the OSG security team at [email protected] if you have any questions or concerns. OSG Security Team