Januscape Lets Guest Root Crash a Vulnerable Nested-Virt KVM/x86 Host, and Your Clearest Signal Is the Oops After the Fact
CVE-2026-53359 is a 16-year-old use-after-free in KVM’s shadow MMU that lets a guest-root attacker on a vulnerable nested-virt KVM/x86 host crash the box or, with a separate withheld exploit, run as root on the hypervisor. The clearest detection is a kernel oops in journald; the real control is patching plus turning off nested virt you never used.