Linux kernel Januscape vulnerability threatens global data centers
Researchers have uncovered a critical Linux kernel flaw, dubbed Januscape, that has been present for 16 years. The vulnerability affects x86 servers using Intel or AMD processors and enables a virtual machine to escape its sandbox, gaining full control over the host server and other co‑tenant VMs. Exploitation can also trigger a kernel panic, instantly crashing the machine.
The bug was introduced on 1 August 2010 and remained unnoticed until now. Cloud providers such as Amazon, Google and Microsoft have reportedly applied the necessary patch, identified as 81ccda30b4e8, to their infrastructure. Operators of private servers are urged to update their kernels immediately to mitigate the risk of data theft, unauthorized hardware access, and service disruption.