Skip to main content
  1. Blog
  2. Article

seth-arnold
on 11 July 2026

Januscape vulnerability CVE-2026-53359 mitigations available


Introduction

A local privilege escalation (LPE) vulnerability affecting the Linux kernel was publicly disclosed on July 6, 2026. The vulnerability was assigned CVE ID CVE-2026-53359 and is referred to as Januscape. This vulnerability affects all Ubuntu releases.

Neither NVD nor Kernel.org have published their own CVSS scores for this issue; we calculated it as CVSS 4 8.4 and have seen others publish CVSS 3 7.8, 8.8, and CVSS 4 9.3.

The vulnerability affects nested virtualization in the KVM system on Intel and AMD x86_64 systems. Other architectures are not affected. A Proof of Concept exploit was published that demonstrates crashing a hypervisor host from a guest. Some reports claim that a full exploit exists.

The fix must be installed in the hypervisor’s kernel: if you are using a cloud service provider with a hypervisor based on Linux KVM on Intel or AMD hardware and you can use nested virtualization, your VM or host may be compromised by another tenant. If your cloud service provider does not allow nested virtualization, you are not affected by this issue.

If you run hypervisors yourself, your attack surface is from root in your guest virtual machines.

Linux kernel packages which implement the proposed patch will be released. Until security updates are available, you can disable nested virtualization to prevent abuse of this issue. This might disrupt your legitimate work and you should weigh the pros and cons before using this mitigation.

This post describes how to disable nested virtualization.

Which Ubuntu releases are affected by CVE-2026-53359?

ReleasePackage NameRemediation status
Trusty (14.04)linuxFix pending
Xenial (16.04)linuxFix pending
Bionic (18.04)linuxFix pending
Focal (20.04)linuxFix pending
Jammy (22.04)linuxFix pending
Noble (24.04)linuxFix pending
Resolute (26.04)linuxFix pending

How to check if you are impacted by CVE-2026-53359


grep . /sys/module/kvm_{amd,intel}/parameters/nested
# 1 or Y means you are impacted. 0 or N means mitigated.
# One or two "No such file or directory" is expected.
# Two "No such file or directory" does not itself mean
# you are safe -- the module may still be loaded later.

Impact of CVE-2026-53359

Deployments without virtualization workloads

Even if you do not have virtual machines running now, system services such as libvirt, lxd, multipass, incus, etc may allow users to create virtual machines in future. An attacker could use the ability provided by these services to create virtual machines and perform local privilege escalation (LPE) by exploiting this vulnerability. Device node permissions may also allow users the necessary permissions to exploit the vulnerability. Inspect the output of namei -l /dev/kvm and getfacl /dev/kvm to see the permissions on the usual device node. You should ensure that only privileged users can write to the /dev/kvm device. The default on Ubuntu is that /dev/kvm is only writable by the superuser (root) and the kvm group. Only privileged users are added to the kvm group.

Deployments with container workloads

Unprivileged containers do not have sufficient permissions to start KVM-accelerated virtual machines and are thus not a vector for concern. Privileged containers may have sufficient permissions to start KVM-accelerated virtual machines and should not be considered safe. These should be treated as per the ‘Deployments without virtualization workloads’ section, above.

Deployments with virtualization workloads

Any process or user inside a virtual machine that can cause kernel module loading – or supply a new kernel – can manipulate page tables sufficiently to crash or potentially exploit the host or exploit other guest virtual machines on the host.

How to apply mitigations for CVE-2026-53359

You can disable virtualization nesting on your hosts:

# unload modules, both are harmless
sudo rmmod kvm_amd ; sudo rmmod kvm_intel
# look to see if any configuration file forces nesting on
grep nested /etc/modprobe.d/*
# disable nesting for the implementations of KVM in both AMD and Intel processors
echo 'options kvm_amd nested=0' | sudo tee /etc/modprobe.d/nested.conf
echo 'options kvm_intel nested=0' | sudo tee -a /etc/modprobe.d/nested.conf

# reload modules if necessary, both are harmless
sudo modprobe kvm_amd ; sudo modprobe kvm_intel

Further reading

Related posts


Luci Stanescu
1 July 2026

DirtyClone Linux kernel local privilege escalation vulnerability fixes available

Ubuntu Ubuntu tech blog

On June 25, 2026, JFrog published their research into CVE-2026-43503, referring to the vulnerability as DirtyClone. The vulnerability had previously been responsibly disclosed to the Linux kernel maintainers and the CVE record published on May 23, 2026. The vulnerability affects multiple Linux distributions, including all Ubuntu releases. ...


Luci Stanescu
1 July 2026

pedit COW kernel local privilege escalation vulnerability mitigations

Ubuntu Ubuntu tech blog

Mitigations are available for the Linux vulnerability with CVE ID CVE-2026-46331. The CVE ID was assigned on June 16 2026 and highlighted as a local privilege escalation (LPE) vulnerability on June 26, 2026. Known as “pedit COW”, this vulnerability affects multiple Linux distributions, including all Ubuntu releases starting with Bionic Be ...


seth-arnold
21 May 2026

PinTheft Linux kernel vulnerability mitigation

Ubuntu Ubuntu tech blog

A local privilege escalation (LPE) security vulnerability in the Linux kernel, codename “PinTheft,” was publicly disclosed on May 19, 2026. The vulnerability was fixed in the mainline Linux kernel tree. A proof-of-concept exploit was published along with public disclosure. This has been assigned the CVE ID CVE-2026-43494; other discoverin ...