Januscape:KVM/x86 客户机到宿主机的逃逸漏洞 [CVE-2026-53359]
Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359]

原始链接: https://github.com/V4bel/Januscape

**Januscape (CVE-2026-53359)** 是由 Hyunwoo Kim 发现的 KVM/x86 影子 MMU 中一个严重的释放后使用(use-after-free)漏洞。与以往的漏洞不同,这是首个同时影响 Intel 和 AMD 架构的漏洞。它允许拥有 root 权限的客户机虚拟机用户逃逸至宿主机内核,从而导致全机拒绝服务(DoS)或远程代码执行(RCE)。 该漏洞对支持嵌套虚拟化的多租户公有云环境构成了严重威胁。值得注意的是,它存在于内核级 KVM 中而非 QEMU,因此与虚拟化栈无关。该缺陷存在长达 16 年(2010–2026)才被修复。在 `/dev/kvm` 为全局可写(例如 RHEL)的系统上,该漏洞还可以作为本地提权(LPE)攻击,获取 root 权限。 建议用户务必确保其宿主机内核已更新至对应提交 `81ccda30b4e8` 的补丁。尽管目前已有触发宿主机内核崩溃的漏洞利用程序,但完整的逃逸代码尚未发布。ARM64 宿主机不受此特定漏洞影响。

**摘要:CVE-2026-53359 (Januscape)** Linux KVM 虚拟机管理程序中发现了一个名为“Januscape”(CVE-2026-53359)的关键安全漏洞。该漏洞影响 Intel 和 AMD x86 架构,存在已有 16 年之久。它允许攻击者从客户机逃逸至宿主机,从而可能获得宿主系统的完全控制权。 该漏洞主要影响启用了**嵌套虚拟化**的环境,这是多租户云平台和沙箱服务中常用的功能。尽管此漏洞威胁巨大,但可以通过在宿主机或虚拟机层面禁用嵌套虚拟化(例如通过内核参数 `kvm_intel.nested=0`)来缓解。 在 `/dev/kvm` 可被全局写入的发行版中,无特权用户也可利用此漏洞获得 Root 权限(本地提权)。目前虽已有导致宿主内核崩溃的概念验证(PoC)代码,但尚无完整的逃逸利用程序发布。KVM 维护人员已确认该漏洞,并建议对于高安全性、多租户的应用场景,应仔细权衡共享虚拟化基础设施所固有的风险与资源共享带来的收益。
相关文章

原文

tux

demo

This document describes the Januscape (CVE-2026-53359) vulnerability discovered and reported by Hyunwoo Kim (@v4bel). It is a KVM escape vulnerability that lets a guest escape to the host in a KVM/x86 environment. To the best of public knowledge, this is the first guest-to-host exploit research triggerable on both Intel and AMD rather than being limited to a single architecture.

Januscape is a use-after-free vulnerability in the shadow MMU emulation of KVM/x86. It can trigger the bug with guest-side actions alone to corrupt the host kernel's shadow page, and it can threaten the guest-host isolation of KVM/x86 hosts that accept untrusted guests and expose nested virtualization, particularly multi-tenant x86 public clouds (GCP, AWS, etc.).

In fact, Januscape was successfully used as a 0-day exploit in Google kvmCTF.

For the detailed technical information, see here.

Note

After reporting this vulnerability to [email protected], the agreed embargo has ended, so the exploit is posted to oss-security and this Januscape document is published. For the disclosure timeline, see the technical detail document.

Running the PoC inside a guest VM can trigger a host kernel panic. A full escape exploit that works in a controlled environment also exists, but it is not released at this time and is planned to be released in the very distant future.

On distributions like RHEL, /dev/kvm is world-writable (0666), so an unprivileged user could also turn this vulnerability into a reliable LPE to root. That said, doing so would be like paying gold for garbage, so I won't bother covering it.

  1. Inside the guest VM, install the headers and build the module.
# sudo apt-get install -y build-essential linux-headers-$(uname -r)
# make
  1. Load the module inside the guest. KVM holds the raw VMX/SVM state, so unload it first. Load with no argument on Intel, and with amd=1 on AMD.
[Intel]
# sudo rmmod kvm_intel; sudo insmod poc.ko

[AMD]
# sudo rmmod kvm_amd; sudo insmod poc.ko amd=1
  1. The race starts, and within seconds to minutes the host KVM panics.
[*] poc step 4/4: race live -- host DoS triggering
...
kernel BUG at arch/x86/kvm/mmu/mmu.c (pte_list_remove)
Comm: qemu-kvm

This PoC is intended to provide accurate information. Do not use it on systems you are not authorized to test.

Januscape (CVE-2026-53359) covers the range from 2032a93d66fa (2010-08-01) to 81ccda30b4e8 (2026-06-16).

In other words, this vulnerability lay dormant for about "16 years".

What is the impact of this vulnerability?

There are two impacts in total:

  1. KVM escape: With guest-side actions alone, an attacker can compromise the host that runs their VM. For example, an attacker who has rented just a single instance on a public cloud could panic the host kernel to take down every other tenant VM on the same physical machine (DoS), or run code with root privilege on the host to take over the host and all the guests on it (RCE).
  2. LPE: On distributions such as RHEL, /dev/kvm is world-writable (0666), so an unprivileged user can also use this vulnerability as a reliable LPE to gain root.

If you operate an x86 KVM host that accepts multi-tenant guests and supports nested virtualization, or use an instance on top of one, check that the 81ccda30b4e8 patch is applied to the host kernel.

Are arm64-based KVM hosts also vulnerable?

No. The vulnerability is triggered only on the Intel and AMD architectures. That said, if you have not yet patched the previously published ITScape (CVE-2026-46316), your arm64 hosts are also vulnerable, so apply the patch promptly.

Does this vulnerability occur in QEMU?

No. Unlike the commonly published QEMU escape vulnerabilities, Januscape occurs in in-kernel KVM, so it is triggered independently of QEMU's emulation. Because of this, it can also threaten large public clouds that implement and use their own virtualization stack.

Do I need root inside the guest VM?

Yes. Inserting the module requires guest kernel privilege. When you are allocated an instance on a public cloud, you usually have root on your own VM, so this is satisfied. In a scenario without guest root, it must be chained with an LPE such as Dirty Frag.

联系我们 contact @ memedata.com