New Januscape Linux flaw allows VM escape on Intel, AMD devices
A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host. [...]
AMD designs processors and graphics hardware; flaws in their firmware, drivers, or platform security can expose systems to compromise.
Search across headline titles and summaries.
Background for this topic.
AMD is a semiconductor designer whose x86 CPUs, GPUs, accelerators, and embedded processors run PCs, servers, cloud hosts, and specialized systems. Their security depends on more than the silicon: CPU microcode, UEFI/BIOS firmware, device firmware, and platform components such as the AMD Secure Processor and virtualization extensions are also part of the attack surface.
AMD security advisories can cover speculative-execution flaws, firmware vulnerabilities, or weaknesses affecting virtualization and memory isolation. Exploitation may require local access or specific configurations, so impact depends on the processor, firmware, operating system, and workload. Defenders should track AMD and system-vendor advisories, identify affected CPU models, and deploy validated BIOS/UEFI, microcode, driver, and hypervisor updates. AMD Secure Encrypted Virtualization can reduce some risks from unauthorized host access to virtual-machine memory, but it does not replace guest hardening or protect every firmware and device path. Asset inventories and incident investigations should record processor and firmware versions when hardware-level issues are relevant.
Weekly headline count for the current query.
A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host. [...]
Januscape: A 16-year-old Linux KVM flaw lets cloud VM tenants crash hosts and potentially escape guests. It affects Intel and AMD systems. Security researcher Hyunwoo Kim has published details of a use-after-free vulnerability in Linux’s KVM hypervisor that allows code running inside a guest virtual machine to corrupt host kernel memory. The bug, tracked as […]
A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it