Remix.run Logo
rvz a day ago

The full write up is here: [0].

This is a very nasty vulnerability and risks any service that uses and allows nested x86 virtualization features at risk. Including those running VMs as a service.

> Running the PoC inside a guest VM can trigger a host kernel panic. A full escape exploit that works in a controlled environment also exists, but it is not released at this time and is planned to be released in the very distant future.

The first commit that introduced this vulnerability was in 2010. [1] So it was undiscovered for 16 years until now [2].

It was only a matter of time that a vulnerability in KVM would appear. This one is really not good as it is the first KVM guest-to-host exploit working on both AMD and Intel.

[0] https://github.com/V4bel/Januscape/blob/main/assets/write-up...

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...

[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...

bonzini 20 hours ago | parent | next [-]

KVM maintainer here.

For what it's worth, this is a variant of a vulnerability discovered via fuzzing last April, CVE-2026-46113.

tryauuum 13 hours ago | parent [-]

how dangerous is the vulnerability in practice? How hard is to actually achieve the KVM escape?

bonzini 9 hours ago | parent [-]

If you're a cloud provider, it's all hands on deck.

For everyone else it's dangerous enough to look seriously at getting an updated kernel or apply mitigations, especially since those are easy (disable nested virtualization, only requires restarting guests). Note that this is true even if you're not running guests, having a user running untrusted code and with access to /dev/kvm is enough.

If you're not running anything untrusted, you probably won't be affected but probably should still look at getting an updated kernel or apply mitigations.

It's the worst class of vulnerabilities for KVM in many years (this is the third variant, after CVE-2026-23401 which is a bit different and not guest teiggerable, and 46113 which I have already mentioned and is basically the same bug as this one), on the other hand it also says something about KVM that nothing similar was found in so many years. It's interesting that while this one was found with AI the first two were found with old school (albeit very sophisticated) fuzzing.

TedDoesntTalk a day ago | parent | prev | next [-]

> So it was undiscovered for 16 years until now

Publicly undiscovered

huflungdung a day ago | parent | prev [-]

[dead]