Google paid a $250,000 bounty for CVE-2026-53359, a critical KVM vulnerability allowing guest VMs to escape isolation and gain root access on the host machine. Discovered by researcher Hyunwoo Kim and dubbed 'Januscape,' this 16-year-old use-after-free bug affects both AMD and Intel processors, posing severe risks to cloud infrastructure stability and security.
Background
KVM (Kernel-based Virtual Machine) is a core virtualization infrastructure component in the Linux kernel, widely used by cloud providers to isolate tenant workloads. Vulnerabilities in KVM can lead to catastrophic security breaches where compromised guests attack the underlying host.
- Source
- Ars Technica
- Published
- Jul 9, 2026 at 03:01 AM
- Score
- 9.0 / 10