E-Ink News Daily

Back to list

Google pays $250K for Linux vulnerability allowing guest VM escapes

Google paid a $250,000 bounty for CVE-2026-53359, a critical KVM vulnerability allowing guest VMs to escape isolation and gain root access on the host machine. Discovered by researcher Hyunwoo Kim and dubbed 'Januscape,' this 16-year-old use-after-free bug affects both AMD and Intel processors, posing severe risks to cloud infrastructure stability and security.

Background

KVM (Kernel-based Virtual Machine) is a core virtualization infrastructure component in the Linux kernel, widely used by cloud providers to isolate tenant workloads. Vulnerabilities in KVM can lead to catastrophic security breaches where compromised guests attack the underlying host.

Source
Ars Technica
Published
Jul 9, 2026 at 03:01 AM
Score
9.0 / 10