💥 Introducing "Januscape" (CVE-2026-53359)
A Guest-to-Host Escape in KVM/x86 exploiting a UAF in the shadow MMU. Triggerable on both Intel and AMD hosts. Threatens x86 public clouds (GCP, AWS) that expose nested virtualization.
"16 years" latent. Successfully used as a 0-day exploit in "Google kvmCTF".
To the best of public knowledge, the first KVM exploit research triggerable on both Intel and AMD.
Details: https://t.co/df5GPpVfeA
I decided to look into GDID after this, and reading the court document gave some hints. After poking at some stuff I can confidently say I figured out majority of the system end to end. Check it out at https://t.co/z0AtBqH0qf
p.s yes Claude helped don't come yell at me AI haters