CVE-2026-53359 Januscape for MOSK compute nodes#22
Conversation
|
|
||
| ### Overview | ||
|
|
||
| On July 6, 2026, a high-severity vulnerability in the Linux kernel KVM/x86 hypervisor, dubbed **"Januscape" (CVE-2026-53359)**, was publicly disclosed. The flaw is a use-after-free in the KVM shadow MMU (`kvm_mmu_get_child_sp()` role-reuse logic) that has been present in the kernel since approximately 2010. It affects both Intel (VMX/EPT) and AMD (SVM/NPT) x8664 hosts and can be triggered from a guest virtual machine to corrupt host shadow page state, enabling **guest-to-host escape** (root code execution on the hypervisor) or **host kernel panic (denial of service)**. |
|
|
||
| **A public Proof-of-Concept (PoC) exploit that triggers host kernel panic is available**; do not run it on production hypervisors. A full guest-to-host escape exploit has not been published. The permanent fix requires a patched host kernel containing upstream fixes for both CVE-2026-53359 and CVE-2026-46113. As of July 9, 2026, Canonical has not yet shipped fixed kernels for any supported Ubuntu release used by MOSK ([Ubuntu CVE tracker](https://ubuntu.com/security/CVE-2026-53359) lists both 22.04 Jammy and 24.04 Noble as **Vulnerable**). | ||
|
|
||
| All MOSK compute nodes are x8664 and run QEMU/KVM via libvirt. MOSK enables nested virtualization (`nested=1`) by default on compute nodes by creating `/etc/modprobe.d/qemu-system-x86.conf`. Every compute node therefore runs a vulnerable host kernel until patched. |
|
|
||
| All MOSK compute nodes are x8664 and run QEMU/KVM via libvirt. MOSK enables nested virtualization (`nested=1`) by default on compute nodes by creating `/etc/modprobe.d/qemu-system-x86.conf`. Every compute node therefore runs a vulnerable host kernel until patched. | ||
|
|
||
| **Host vs. guest exposure:** the host kernel is vulnerable on all compute nodes. The known guest-to-host attack, however, can only be launched from tenant VMs that receive virtualization CPU extensions (`vmx`/`svm`) and `/dev/kvm` inside the guest. MOSK's default Nova `vcpu_type` is `host-model`, which does not expose these flags. Deployments using `host-passthrough` (or explicit CPU flags for nested-virtualization workloads) are the primary guest-side attack launch points. Mirantis recommends assessing exposure and applying mitigations without delay. |
There was a problem hiding this comment.
I am not sure that host-model is safe when nested kvm is enabled.
There was a problem hiding this comment.
I'd treat host-model as no protection. The real controls would be:
- Patch the host kernel (commit 81ccda30b4e8 + the CVE-2026-46113 fix)
- If you can't patch, set kvm_intel.nested=0 / kvm_amd.nested=0 at the module level
- Explicitly mask the flag per-guest ().
There was a problem hiding this comment.
I am actually pretty sure now that just setting host-model CPU when a) your host cpu does expose virtualization features (vmx/svm) and b) nested kvm is enabled will still effectively result in the guest VM having access to nested kvm
CVE-2026-53359Summary: Bottom line: The automated risk signals (KEV, EPSS) both read "low" and are misleading here. Treat this as a high-priority patch for any multi-tenant KVM/x86 host that exposes nested virtualization. KEV status: Not listed in the CISA Known Exploited Vulnerabilities catalog (as of this writing). Mitigations Patch affected KVM hosts to a fixed kernel (or apply a rebootless/live patch). This is the real fix. Remediation: Restrict /dev/kvm. On systems where /dev/kvm is world-accessible, the same bug is usable as local privilege escalation to root even without a guest. Tighten permissions. CVE-2026-46333EPSS 0.027% Accurate --> no exploit path, local-only, needs uid-0 |
pshchelo
left a comment
There was a problem hiding this comment.
I think all the talk about host-model should be omitted. The reality is more complicated and nuanced than could be explained in a short announcement, but just setting guest cpu type to host-model w/o disabling nested kvm will still result in guest VM having access to nested kvm.
|
|
||
| All MOSK compute nodes are x8664 and run QEMU/KVM via libvirt. MOSK enables nested virtualization (`nested=1`) by default on compute nodes by creating `/etc/modprobe.d/qemu-system-x86.conf`. Every compute node therefore runs a vulnerable host kernel until patched. | ||
|
|
||
| **Host vs. guest exposure:** the host kernel is vulnerable on all compute nodes. The known guest-to-host attack, however, can only be launched from tenant VMs that receive virtualization CPU extensions (`vmx`/`svm`) and `/dev/kvm` inside the guest. MOSK's default Nova `vcpu_type` is `host-model`, which does not expose these flags. Deployments using `host-passthrough` (or explicit CPU flags for nested-virtualization workloads) are the primary guest-side attack launch points. Mirantis recommends assessing exposure and applying mitigations without delay. |
There was a problem hiding this comment.
I am actually pretty sure now that just setting host-model CPU when a) your host cpu does expose virtualization features (vmx/svm) and b) nested kvm is enabled will still effectively result in the guest VM having access to nested kvm
Align scoping with lab-confirmed behavior: nested KVM enabled on virt-capable hosts exposes all tenant VMs regardless of Nova CPU settings. Add prerequisite exposure model, Nova cpu_model_extra_flags workaround, and simplified workarounds. Co-authored-by: Cursor <cursoragent@cursor.com>
Summary
nested=1) on virt-capable CPUs exposes every tenant VM to the guest-to-host attack path —host-modeldoes not mitigatenested=1+ VMX/SVM + guest root)nested=0+ reboot, or Novacpu_model_extra_flags+ instance restartx86-64typo; remove misleading host-model/host-passthrough and libvirt domain XML exposure checksTest plan
cpu_model_extra_flagsworkaround wording