Home Tech Google pays $250K for Linux vulnerability allowing guest VM escapes
Tech

Google pays $250K for Linux vulnerability allowing guest VM escapes

Share
Google pays 0K for Linux vulnerability allowing guest VM escapes
Share

A Linux vulnerability that allows untrusted virtual machines to gain root access to host machines is one of two high-severity flaws to surface this week in the open source operating system.

The vulnerability resides in KVM, which is, in essence, a virtual machine app included in the kernel of many Linux distributions. The vulnerability, tracked as CVE-2026-53359, allows guest virtual machines—such as those used in cloud platforms to isolate one user’s instance from the host OS and other user instances—to break out of that container.

Januscape: A threat to cloud platforms

The vulnerability affects KVM running on both AMD and Intel processors. It exploits bugs residing in the KVM guest-side, the portion of the VM that consists of only resources like the OS or drivers present in the guest VM, rather than resources present on the host machine. The threat went unnoticed in the Linux kernel for 16 years.

Read full article

Comments

Source link

Share

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Keep in touch

Subscribe to our newsletter to get our newest articles instantly!

    Copyright 2025. All rights reserved