16 år gammel Linux KVM-feil tillater VM-flukt på Intel og AMD

24 sources
  • Forsker Hyunwoo Kim har avdekket CVE-2026-53359, en use-after-free-sårbarhet i Linux KVMs skygge-paginering (shadow paging) som lar en gjeste-VM korrumpere vertens kjerne-minne på både Intel- og AMD-systemer.
  • Feilen har eksistert siden kjerne 2.6.36, utgitt i 2010, og utløses via nestet virtualisering utelukkende fra gjestesiden, ifølge oss-security-avsløringen.
  • Patchede stabile kjerner ble sendt ut 4. juli; skytjenesteleverandører oppfordres til å oppdatere eller deaktivere nestet virtualisering for ikke-klarerte gjester som et midlertidig tiltak.
Sources (24)
  1. 1 16 year old Critical Linux KVM Guest-to-Host Escape, PoC Public www.reddit.com
  2. 2 Januscape KVM/x86 Flaw Enables Guest-to-Host Escape and Root ... www.mallory.ai
  3. 3 A Long-Lived KVM Bug Resurfaces: Shadow Paging Use-After-Free ... darkwebinformer.com
  4. 4 Seven stable kernels for Saturday including two security fixes lwn.net
  5. 5 CVE-2026-53359: Our OpenStack KVM Security Response - vexxhost vexxhost.com
  6. 6 Januscape (CVE-2026-53359) — 16-year-old UAF in KVM shadow ... www.reddit.com
  7. 7 A new 16-year-old #Linux KVM flaw lets a rooted nested VM crash ... www.instagram.com
  8. 8 CVE-2026-53359 - Amazon Linux Security Center explore.alas.aws.amazon.com
  9. 9 Linux Kernel CVEs: What to Patch by Device (27 Jun – 4 Jul 2026) www.techveda.live
  10. 10 ITScape KVM/arm64 Escape Flaw Exposes Hosts to Guest-Led ... mallory.ai
  11. 11 CVE-2026-31588: Linux Kernel Use-After-Free Vulnerability www.sentinelone.com
  12. 12 When the bug is real but the path isn't: ITScape (CVE-2026-46316 ... nofire.ai
  13. 13 V4bel/ITScape - GitHub github.com
  14. 14 V4bel (@v4bel) / Posts and Replies / X - Twitter x.com
  15. 15 CVE-2026-31593 - Red Hat Customer Portal access.redhat.com
  16. 16 Januscape KVM Escape: CVE-2026-53359 PoC Disclosed securityonline.info
  17. 17 ITScape CVE-2026-46316 KVM/arm64 Vulnerability - LinkedIn www.linkedin.com
  18. 18 Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359] news.ycombinator.com
  19. 19 ssh-keysign-pwn (CVE-2026-46333) Patches Released almalinux.org
  20. 20 Security update for the Linux Kernel | SUSE Support www.suse.com
  21. 21 Opsec Mistakes Allowed U.S. to Link North Korean Man to Hacks www.securityweek.com
  22. 22 Open Source Security Mailing List - Seclists.org seclists.org
  23. 23 Vulnerability — Latest News, Reports & Analysis | The Hacker News thehackernews.com
  24. 24 Januscape Archives - Daily CyberSecurity securityonline.info

Legg igjen en kommentar

Your email address will not be published. Required fields are marked *