Signal
Critical 15-16 year old Linux kernel flaws enable VM escapes and root access
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-07-07 10:00 UTCUpdated 2026-07-08 06:16 UTC
rss
cveexploitslinuxvirtualizationsecurity_advisories
Trend in the last 24h
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.4 top sources shown
Overview
Two long-standing Linux kernel vulnerabilities have recently been disclosed, exposing critical risks to virtualized environments and host systems.
Entities
Google CloudNebula SecurityJanuscapeGhostLockHyunwoo Kim
Score total
1.34
Momentum 24h
4
Posts
4
Origins
4
Source types
1
Duplicate ratio
0%
Why now
- The Januscape flaw was publicly fixed in June 2026 after being undiscovered for 16 years.
- GhostLock was disclosed in July 2026, revealing a 15-year-old privilege escalation bug.
- Both flaws highlight the ongoing risks of legacy code in widely deployed Linux kernels.
Why it matters
- These vulnerabilities break critical isolation boundaries in virtualized and containerized Linux environments.
- They enable attackers to escalate privileges from guest VMs or user accounts to full host control.
- Cloud providers and enterprises relying on Linux virtualization must urgently patch affected systems.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
- Januscape is a 16-year-old use-after-free bug in Linux KVM allowing guest-to-host VM escape on Intel and AMD CPUs.
- GhostLock is a 15-year-old Linux kernel flaw enabling any logged-in user to gain root and container escape on most Linux distros.
How sources frame it
- CSO Online: neutral
All evidence
All evidence
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
thehackernews · thehackernews.com · 2026-07-08 06:16 UTC
Januscape: Guest-to-Host Escape in KVM/x86
NCSC-FI - Vulnerabilities · github.com · 2026-07-08 02:00 UTC
16-year-old KVM flaw allows attackers to escape VMs and take over Linux servers
CSO Online · csoonline.com · 2026-07-07 21:53 UTC
Linux bug dormant for 16 years can cause a VM escape
SC Media · scworld.com · 2026-07-07 19:29 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -
Showing 4 / 0
Top publishers (this list)
- thehackernews (1)
- NCSC-FI - Vulnerabilities (1)
- CSO Online (1)
- SC Media (1)
Top origin domains (this list)
- thehackernews.com (1)
- github.com (1)
- csoonline.com (1)
- scworld.com (1)