Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/V4bel/Januscape/llms.txt

Use this file to discover all available pages before exploring further.

Januscape is a guest-to-host escape vulnerability (CVE-2026-53359) discovered by Hyunwoo Kim (@v4bel). It exploits a use-after-free in the shadow MMU emulation of KVM/x86, triggered entirely from within a guest VM. The bug resided in the Linux kernel for approximately 16 years and was used as a 0-day in Google kvmCTF. To the best of public knowledge, this is the first guest-to-host KVM exploit research triggerable on both Intel (VMX/EPT) and AMD (SVM/NPT).

Introduction

Overview of Januscape, its impact, and who is at risk

Affected Versions

Linux kernel commit range and patching guidance

Technical Background

KVM shadow MMU, nested virtualization, and rmap internals

Root Cause

Role-mismatch reuse in kvm_mmu_get_child_sp explained

PoC Usage

Build and run the kernel module inside a guest VM

The Patch

Upstream fix in commit 81ccda30b4e8 and what changed

What is Januscape?

Januscape targets the shadow MMU code path that KVM activates when a guest (L1) runs its own nested guest (L2) using Intel EPT or AMD NPT. The host kernel (L0) must shadow the page tables that L1 builds for L2, and a missing role check in kvm_mmu_get_child_sp() allows a shadow page of one role (direct split, direct=1) to be silently reused as a page of a different role (indirect, direct=0) when both happen to reference the same guest frame number. This role confusion breaks KVM’s rmap accounting, ultimately producing a use-after-free write or an immediate host kernel panic.
Running the PoC inside a guest VM triggers a host kernel panic. Use only on systems you are authorized to test.

Impact at a Glance

KVM Escape (DoS / RCE)

Guest actions alone can panic the host kernel or, with further exploitation, execute code as root on the host

Local Privilege Escalation

On RHEL and similar distros where /dev/kvm is world-writable, an unprivileged user can chain this into a root LPE

Dual-Architecture

Identical trigger on both Intel VMX/EPT and AMD SVM/NPT — the first such public KVM escape research

Cloud-Scale Threat

Threatens multi-tenant x86 public clouds (GCP, AWS) that expose nested virtualization to tenants

Quick Navigation

Background

Shadow paging and nested virt

Root Cause

The vulnerable code path

UAF Path

How the free becomes a write

DoS Path

Immediate host panic path

Exploit Overview

End-to-end exploit walkthrough

Disclosure Timeline

Coordinated disclosure history

Build docs developers (and LLMs) love