AI Security AI安全 4d ago Updated 3d ago 更新于 3天前 49

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems 16年历史的Linux KVM漏洞允许Guest VM在Intel和AMD x86系统上逃逸至主机

A critical 16-year-old use-after-free vulnerability (CVE-2026-53359, "Januscape") exists in the Linux KVM shadow MMU code affecting both Intel and AMD x86 systems. The flaw allows a guest VM with root access and nested virtualization enabled to escape to the host, potentially causing a host panic or achieving full host code execution. Discovered by researcher Hyunwoo Kim, the bug stems from KVM reusing shadow pages based solely on memory address without verifying their role/type. The vulnerabili 发现名为“Januscape”(CVE-2026-53359)的Linux KVM hypervisor严重漏洞,存在长达16年,可允许Guest VM逃逸至Host内核。 漏洞根源在于影子MMU代码中的Use-After-Free缺陷,攻击者可通过重用错误的跟踪页类型破坏Host内核状态,导致主机恐慌或完全代码执行。 该漏洞同时影响Intel和AMD x86系统,是首个在两大主流架构上均可触发的Guest-to-Host逃逸漏洞,需Guest拥有root权限且Host启用嵌套虚拟化。 修复方案已合并入主线内核(commit 81ccda30b4e8),通过增加角色检查确保影子页仅在被重用前验

75
Hot 热度
70
Quality 质量
65
Impact 影响力

Analysis 深度分析

TL;DR

  • A critical 16-year-old use-after-free vulnerability (CVE-2026-53359, "Januscape") exists in the Linux KVM shadow MMU code affecting both Intel and AMD x86 systems.
  • The flaw allows a guest VM with root access and nested virtualization enabled to escape to the host, potentially causing a host panic or achieving full host code execution.
  • Discovered by researcher Hyunwoo Kim, the bug stems from KVM reusing shadow pages based solely on memory address without verifying their role/type.
  • The vulnerability impacts multi-tenant cloud environments where untrusted guests share physical hosts, posing significant risks to isolation and availability.
  • A one-line fix has been merged into the mainline kernel, with stable updates released in July 2026; disabling nested virtualization is recommended as an immediate mitigation.

Why It Matters

This vulnerability highlights the persistent security risks in long-standing virtualization infrastructure, demonstrating how deep-seated bugs in core kernel components like KVM can undermine multi-tenant cloud security. For AI practitioners and cloud providers, it underscores the necessity of rigorous kernel auditing and the potential impact of nested virtualization features on host stability and data isolation. The discovery also emphasizes the importance of responsible disclosure programs like Google's kvmCTF in identifying and resolving complex, low-level exploits before they are weaponized.

Technical Details

  • Vulnerability Mechanism: The bug is a use-after-free in the shadow MMU code where KVM matches tracking pages by memory address alone, ignoring the page type/role. This leads to the reuse of incorrect tracking pages, scrambling internal records and allowing an attacker to corrupt host kernel memory.
  • Exploit Conditions: Requires root access inside the guest VM and nested virtualization enabled on the host. The attack leverages the legacy shadow MMU path, which is forced even on hosts using hardware-assisted virtualization (EPT/NPT) when nested virtualization is active.
  • Impact Scope: Affects all x86 systems (Intel and AMD) running vulnerable Linux kernels since August 2010. The public PoC causes a host panic (DoS), while an unreleased exploit achieves full host code execution, potentially exposing other tenants on the same physical machine.
  • Remediation: Fixed via commit 81ccda30b4e8, which adds a check for role.word alongside the guest frame number (gfn) in kvm_mmu_get_child_sp(). Stable kernel versions patched include 7.1.3, 6.18.38, 6.12.95, 6.6.144, 6.1.177, 5.15.211, and 5.10.260.
  • Mitigation: Immediate mitigation involves disabling nested virtualization (kvm_intel.nested=0 or kvm_amd.nested=0). Note that ARM64 systems are not affected by this specific flaw, though a separate issue (ITScape) exists for that architecture.

Industry Insight

  • Audit Legacy Code Paths: The 16-year duration of this bug suggests that legacy code paths in critical infrastructure like KVM require continuous, specialized security auditing, particularly for memory management components that have seen minimal changes.
  • Re-evaluate Nested Virtualization Policies: Cloud providers hosting untrusted tenants should critically assess the necessity of exposing nested virtualization. If not required for specific workloads, disabling it by default significantly reduces the attack surface for guest-to-host escapes.
  • Proactive Patching Strategy: Given the severity of guest-to-host escapes and the availability of a reliable PoC for DoS, organizations must prioritize kernel updates over waiting for CVSS scores. Verification of patch inclusion via package changelogs is essential, as distribution backports may vary in version numbering.

TL;DR

  • 发现名为“Januscape”(CVE-2026-53359)的Linux KVM hypervisor严重漏洞,存在长达16年,可允许Guest VM逃逸至Host内核。
  • 漏洞根源在于影子MMU代码中的Use-After-Free缺陷,攻击者可通过重用错误的跟踪页类型破坏Host内核状态,导致主机恐慌或完全代码执行。
  • 该漏洞同时影响Intel和AMD x86系统,是首个在两大主流架构上均可触发的Guest-to-Host逃逸漏洞,需Guest拥有root权限且Host启用嵌套虚拟化。
  • 修复方案已合并入主线内核(commit 81ccda30b4e8),通过增加角色检查确保影子页仅在被重用前验证帧号和角色匹配。
  • 紧急缓解措施包括立即升级内核至指定稳定版本,或在无法修补时禁用嵌套虚拟化以切断攻击路径。

为什么值得看

该漏洞揭示了长期存在于基础设施核心的深层安全隐患,证明了即使经过多年审查,复杂虚拟化组件仍可能存在致命缺陷。对于云服务商和运维团队而言,理解此漏洞有助于评估多租户环境下的隔离风险,并制定更严格的内核更新策略。

技术解析

  • 漏洞机制:KVM影子MMU在复用页面跟踪记录时,仅依据内存地址进行匹配,忽略了页面的“角色”(type/role)。这导致不同类型的跟踪页可能被错误复用,引发Use-After-Free,进而扰乱内核内部记录。
  • 攻击条件与影响:攻击需要Guest端拥有root权限且Host端启用了嵌套虚拟化(迫使KVM使用有缺陷的影子MMU而非硬件EPT/NPT)。公开PoC可导致主机崩溃(DoS),未公开的完整利用链可实现Host端的任意代码执行(RCE)。
  • 修复细节:维护者Paolo Bonzini在kvm_mmu_get_child_sp()函数中增加了一行代码,使重用条件同时检查role.word和gfn,确保只有当帧号和角色均匹配时才重用影子页。
  • 受影响范围:自2010年(kernel 2.6.36)引入的代码直至2026年6月19日才在主线上修复。ARM64架构不受此特定漏洞影响,但此前已发现相关的ITScape漏洞。

行业启示

  • 强化内核安全审计:长达16年的潜伏期表明,核心基础设施代码需要持续、深度的安全审查,特别是涉及内存管理和虚拟化隔离的关键路径。
  • 最小化特权与功能暴露:云提供商应严格限制嵌套虚拟化的可用性,仅在确实需要且信任Guest的情况下启用,以减少攻击面。
  • 快速响应机制的重要性:鉴于此类漏洞的高危害性,建立针对内核漏洞的快速补丁分发和验证流程至关重要,不能仅依赖版本号判断,需核对具体提交记录。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Security 安全 Open Source 开源 Research 科学研究