Januscape is a guest-to-host escape vulnerability (CVE-2026-53359) discovered by Hyunwoo Kim (@v4bel). It exploits a use-after-free in the shadow MMU emulation of KVM/x86, triggered entirely from within a guest VM. The bug resided in the Linux kernel for approximately 16 years and was used as a 0-day in Google kvmCTF. To the best of public knowledge, this is the first guest-to-host KVM exploit research triggerable on both Intel (VMX/EPT) and AMD (SVM/NPT).Documentation Index
Fetch the complete documentation index at: https://mintlify.com/V4bel/Januscape/llms.txt
Use this file to discover all available pages before exploring further.
Introduction
Overview of Januscape, its impact, and who is at risk
Affected Versions
Linux kernel commit range and patching guidance
Technical Background
KVM shadow MMU, nested virtualization, and rmap internals
Root Cause
Role-mismatch reuse in kvm_mmu_get_child_sp explained
PoC Usage
Build and run the kernel module inside a guest VM
The Patch
Upstream fix in commit 81ccda30b4e8 and what changed
What is Januscape?
Januscape targets the shadow MMU code path that KVM activates when a guest (L1) runs its own nested guest (L2) using Intel EPT or AMD NPT. The host kernel (L0) must shadow the page tables that L1 builds for L2, and a missing role check inkvm_mmu_get_child_sp() allows a shadow page of one role (direct split, direct=1) to be silently reused as a page of a different role (indirect, direct=0) when both happen to reference the same guest frame number. This role confusion breaks KVM’s rmap accounting, ultimately producing a use-after-free write or an immediate host kernel panic.
Running the PoC inside a guest VM triggers a host kernel panic. Use only on systems you are authorized to test.
Impact at a Glance
KVM Escape (DoS / RCE)
Guest actions alone can panic the host kernel or, with further exploitation, execute code as root on the host
Local Privilege Escalation
On RHEL and similar distros where /dev/kvm is world-writable, an unprivileged user can chain this into a root LPE
Dual-Architecture
Identical trigger on both Intel VMX/EPT and AMD SVM/NPT — the first such public KVM escape research
Cloud-Scale Threat
Threatens multi-tenant x86 public clouds (GCP, AWS) that expose nested virtualization to tenants
Quick Navigation
Background
Shadow paging and nested virt
Root Cause
The vulnerable code path
UAF Path
How the free becomes a write
DoS Path
Immediate host panic path
Exploit Overview
End-to-end exploit walkthrough
Disclosure Timeline
Coordinated disclosure history