📣 Send us your press release
Site updates every 15 minutes
Technology

Google Pays $250K for Linux VM Escape Vulnerability

Google has awarded $250,000 for a critical Linux vulnerability allowing guest virtual machines to gain root access to host systems.

8 July 2026
Google Pays $250K for Linux VM Escape Vulnerability

Google has paid $250,000 for a security flaw in the Linux kernel that enabled guest virtual machines to achieve root access on host machines. This vulnerability was one of two high-severity flaws reported this week for the open-source operating system.

The vulnerability, tracked as CVE-2026-53359, is located within KVM (Kernel-based Virtual Machine), a component integrated into many Linux distributions for virtualization. It allowed untrusted virtual machines, such as those used in cloud platforms to isolate user instances, to break out of their designated environments and gain control over the host OS.

This type of "VM escape" flaw poses a significant risk to cloud infrastructure and any system relying on KVM for virtual machine isolation. The exploit affected KVM running on both AMD and Intel processors, leveraging bugs within the guest-side components of the virtual machine.

According to reports, the vulnerability had remained undetected in the Linux kernel for 16 years. Google's payment was made through its bug bounty program to the researcher who discovered and responsibly disclosed the flaw.

Original source: arstechnica.com