A person renting a single virtual machine on a shared cloud server has been able, since at least 2010, to crash every other tenant's workload on the same physical host, and in the worst case to take the host over. The flaw, tracked as CVE-2026-53359 and named "Januscape" by its discoverer, lives in Linux's KVM hypervisor and went undetected for 16 years.
Independent researcher Hyunwoo Kim published a public proof-of-concept on GitHub that crashes the host from inside a guest VM, and said in the OpenWall oss-security disclosure that a full guest-to-host escape exists but will not be released. Google paid a $250,000 reward for the report, according to Ars Technica's reporting on the disclosure.
KVM is the virtualization layer Linux uses to run guest virtual machines. On x86 servers, KVM keeps a separate set of host-side page tables, called the shadow MMU, that quietly tracks which host pages belong to which guest. A use-after-free bug in that translation path lets guest code corrupt the host kernel's own page tables, the data structures that govern what memory any process is allowed to touch. Once those tables are corrupted, the attacker can either panic the host kernel, a denial-of-service that drops every other tenant's VM on the same machine, or, with more work, run arbitrary code at root privilege on the host and from there reach any other guest.
The bug affects both AMD and Intel x86 processors, according to SecurityWeek and Ars Technica, and the 16-year presence is the hook worth holding onto. Linux's KVM is the hypervisor beneath most public cloud infrastructure that runs on Linux, and the audit gap explains why shared open-source code can carry quiet assumptions for years about which code paths actually get exercised. Hypervisor MMU code is exactly the kind of path that needs adversarial review, and historically it has not had enough of it.
The size of Google's check is the signal. The company's Vulnerability Reward Program and its kCTF (Kernel CTF) tier reserve six-figure payouts for exactly this class of bug, a guest breaking out of its sandbox. Google is publicly treating the worst-case scenario, a single tenant rooting the host, as a real risk and not a theoretical one.
The fix is in the upstream kernel. CloudLinux has published explicit mitigation and kernel-update guidance for its distributions, and other distros, including Ubuntu, and Azure's kernel, will need to follow with their own backports. Until those patch rolls reach every shared host in a given region, the multi-tenant trust model is shakier than the marketing copy suggests. No attack in the wild has been confirmed. The live risk is the gap between "fixed upstream" and "fixed on the metal your VM is sitting on."
Two notes of restraint. Kim's public PoC only crashes the host; he has not released a working guest-to-host code-execution exploit. Ars Technica noted this vulnerability as one of two high-severity Linux flaws surfacing in the same week; the second item has not been pinned to a specific CVE in the public sources reviewed, so this piece makes no comparative claim about it.
The 16-year presence of the bug is what was. The patch cadence at the major cloud Linux distros over the next two to four weeks is what to watch.