Google pays $250K for Linux vulnerability allowing guest VM escapes

Google pays $250K for Linux vulnerability allowing guest VM escapes

谷歌支付 25 万美元奖励,修复允许虚拟机逃逸的 Linux 漏洞

A Linux vulnerability that allows untrusted virtual machines to gain root access to host machines is one of two high-severity flaws to surface this week in the open source operating system. 本周,开源操作系统 Linux 曝出两个高危漏洞,其中一个漏洞允许不受信任的虚拟机获取宿主机的 root 权限。

The vulnerability resides in KVM, which is, in essence, a virtual machine app included in the kernel of many Linux distributions. The vulnerability, tracked as CVE-2026-53359, allows guest virtual machines—such as those used in cloud platforms to isolate one user’s instance from the host OS and other user instances—to break out of that container. 该漏洞存在于 KVM 中,本质上是许多 Linux 发行版内核中包含的虚拟机应用程序。该漏洞被追踪为 CVE-2026-53359,它允许客户虚拟机(例如云平台中用于将用户实例与宿主操作系统及其他用户实例隔离的虚拟机)突破容器限制。

Januscape: A threat to cloud platforms Januscape:云平台的威胁

The vulnerability affects KVM running on both AMD and Intel processors. It exploits bugs residing in the KVM guest-side, the portion of the VM that consists of only resources like the OS or drivers present in the guest VM, rather than resources present on the host machine. The threat went unnoticed in the Linux kernel for 16 years. 该漏洞影响运行在 AMD 和 Intel 处理器上的 KVM。它利用了 KVM 客户机端(即虚拟机中仅包含操作系统或驱动程序等资源的部分,而非宿主机资源的部分)存在的缺陷。这一威胁在 Linux 内核中潜伏了 16 年之久,一直未被发现。

“With guest-side actions alone, an attacker can compromise the host that runs their VM,” Hyunwoo Kim, the researcher who discovered the flaw, wrote. “For example, an attacker who has rented just a single instance on a public cloud could panic the host kernel to take down every other tenant VM on the same physical machine (DoS), or run code with root privilege on the host to take over the host and all the guests on it (RCE).” “仅通过客户机端的操作,攻击者就可以攻破运行其虚拟机的宿主机,”发现该漏洞的研究员 Hyunwoo Kim 写道。“例如,攻击者只需在公有云上租用一个实例,就可以使宿主机内核崩溃,从而导致同一物理机上的所有其他租户虚拟机宕机(拒绝服务攻击),或者在宿主机上以 root 权限运行代码,进而接管宿主机及其上的所有客户机(远程代码执行)。”

Kim has named the vulnerability Januscape. The flaw is a use-after-free vulnerability—a form of memory corruption vulnerability that injects malicious code into recently freed regions of memory. The vulnerability resides in the shadow MMU emulation, a process that translates host memory addresses to hypervisor memory addresses and vice versa. Exploits will trigger guest-side actions alone to corrupt the host kernel’s shadow page, a data structure in the host that assists in the address translation. Kim 将该漏洞命名为 Januscape。这是一个“释放后使用”(use-after-free)漏洞,属于内存损坏漏洞的一种,通过将恶意代码注入到最近释放的内存区域中进行攻击。该漏洞存在于影子 MMU 模拟中,这是一个将宿主机内存地址转换为虚拟机管理程序内存地址(反之亦然)的过程。攻击者仅需触发客户机端操作,即可破坏宿主机内核的影子页(一种辅助地址转换的宿主机数据结构)。

Kim has released a proof-of-concept exploit that runs in the guest VM to trigger a crash on the host OS. He said an exploit that fully escapes the guest also exists but won’t be released until “the very distant future.” The vulnerability doesn’t occur in the QEMU, a separate process related to memory translation. That distinction means exploits can work even in cloud environments that implement and use their own virtualization stack. For exploits to work, the guest-VM user must have root privileges. Google has awarded $250,000 for the reporting of the vulnerability. Kim 发布了一个概念验证(PoC)漏洞利用程序,可在客户虚拟机中运行并导致宿主机操作系统崩溃。他表示,能够完全实现虚拟机逃逸的漏洞利用程序也存在,但要到“遥远的未来”才会发布。该漏洞不会出现在与内存转换相关的独立进程 QEMU 中。这一区别意味着,即使在实现并使用自有虚拟化堆栈的云环境中,该漏洞依然有效。要使漏洞利用成功,客户虚拟机用户必须拥有 root 权限。谷歌已为该漏洞的报告支付了 25 万美元的奖金。

Enter GhostLock GhostLock 登场

A separate vulnerability in Linux allows users with limited rights to escalate to root. Tracked as CVE-2026-43499, it lurked in the OS for 15 years. Researchers from Nebula Security said they discovered it using Vega, Nebula’s AI-assisted vulnerability scanner. 另一个 Linux 漏洞允许权限受限的用户提升至 root 权限。该漏洞被追踪为 CVE-2026-43499,在操作系统中潜伏了 15 年。来自 Nebula Security 的研究人员表示,他们是使用 Nebula 的人工智能辅助漏洞扫描器 Vega 发现该漏洞的。

Matt Lucas, a researcher and founder of RedEye Security, explained: The flaw lives in the kernel’s futex priority-inheritance machinery, the system that keeps an urgent task from getting stuck behind a trivial one. Part of that system is a cleanup step that tidies up after a task stops waiting. In one rare path, where a lock operation hits a dead end and has to back out, the cleanup runs at the wrong moment and wipes the wrong task’s record. The kernel is left holding a pointer to memory it has already freed and reused. Trusting that stale pointer is the entire bug: a classic use-after-free. RedEye Security 的研究员兼创始人 Matt Lucas 解释道:该缺陷存在于内核的 futex 优先级继承机制中,该系统旨在防止紧急任务被琐碎任务阻塞。该系统的一部分是一个清理步骤,用于在任务停止等待后进行清理。在一种罕见的路径中,当锁定操作陷入死胡同并必须回退时,清理程序会在错误的时间运行,并清除了错误任务的记录。内核因此持有一个指向已被释放并重用的内存指针。信任这个过期的指针就是整个漏洞的根源:一个典型的“释放后使用”漏洞。

From there Nebula chained a handful of steps to escalate the dangling pointer into full control, ending by tricking the kernel into executing their code as root. The futex priority-inheritance code they exploited dates to 2011, old, heavily used machinery that few had reread in years. The vulnerability, which Nebula has named GhostLock, has a severity rating of 7.8 out of 10. Google awarded the researchers $92,337. Like the $250,000 bounty paid for Januscript, it was awarded through Google’s kernelCTF bug-bounty program. 在此基础上,Nebula 串联了几个步骤,将悬空指针升级为完全控制权,最终诱骗内核以 root 权限执行他们的代码。他们利用的 futex 优先级继承代码可以追溯到 2011 年,这是一套陈旧且被广泛使用的机制,多年来几乎无人重新审视。该漏洞被 Nebula 命名为 GhostLock,严重程度评分为 7.8 分(满分 10 分)。谷歌向研究人员奖励了 92,337 美元。与 Januscript 获得的 25 万美元奖金一样,该奖金也是通过谷歌的 kernelCTF 漏洞赏金计划发放的。

Both flaws have received patches in the Linux kernel. Linux users should check their distribution to make sure the fixes have populated to their particular version. 上述两个漏洞均已在 Linux 内核中获得修复。Linux 用户应检查各自的发行版,确保修复程序已更新到其特定版本中。