
Long-standing Linux kernel flaw lets guest VMs break out to hosts on Intel and AMD
Hyunwoo Kim disclosed CVE-2026-53359, a 16-year-old Linux kernel use-after-free in KVM/x86 shadow MMU that enables guest-to-host VM escape on both Intel and AMD CPUs. A successful exploit can grant root on the host and potentially take over all VMs on a multi-tenant machine or crash the host kernel; patch 81ccda30b4e8 was applied in June 2026. Administrators should ensure patched kernels on KVM/x86 hosts, especially in cloud environments, as the risk is real for Google Cloud and AWS users. A PoC and write-up exist, though full public exploitation is not released yet, and attackers could chain with other flaws like Dirty Frag.



