Google pays $250K for Linux vulnerability allowing VM hosts to escape



A Linux vulnerability that allows untrusted systems to gain root access to operating systems is one of two major vulnerabilities expected this week in open source systems.

The vulnerability resides in KVM, which is, in fact, a virtual machine that is included in many Linux distributions. The vulnerability, codenamed CVE-2026-53359, allows virtual machines – such as those used in cloud platforms to separate a user’s experience on the host OS from other users – to break out of the container.

Januscape: Threats to cloud platforms

The vulnerability affects KVM running on AMD and Intel processors. It takes advantage of bugs that exist in KVM guest-sidea VM partition that contains only the features such as the OS or drivers found in the guest VM, rather than the features found on the host machine. The vulnerability went undetected in the Linux kernel for 16 years.

Read the full article

Comments



Source link

اترك ردّاً

لن يتم نشر عنوان بريدك الإلكتروني. الحقول الإلزامية مشار إليها بـ *