Overview
A working proof‑of‑concept (PoC) exploit has been released for CVE‑2026‑46316, a critical Linux kernel vulnerability that enables guest‑to‑host escape in KVM environments on ARM64 systems. The flaw, dubbed “ITScape,” allows attackers to break out of a virtual machine and execute arbitrary commands on the host with full kernel‑level privileges — a direct compromise of the host itself.

Vulnerability Details
Discovered by security researcher Hyunwoo Kim (V4bel), ITScape affects the in‑kernel KVM implementation, not user‑space components like QEMU. This makes the impact far more severe since exploitation targets the host kernel directly.
| Attribute | Description |
|---|---|
| CVE ID | CVE‑2026‑46316 |
| Name | ITScape |
| Type | Race Condition in vGIC‑ITS (Interrupt Translation Service) |
| Impact | Guest‑to‑Host Escape → Root Access on Host |
| Affected Systems | Linux Kernel (ARM64 KVM Subsystem) April 2024 – June 2026 |
| Patched Commit | 13031fb6b835 |
The vulnerability arises from a race condition in the vGIC‑ITS emulation within KVM on ARM64. By triggering specific interrupt‑related operations from a guest VM, attackers can exploit a “double‑put” condition that causes memory corruption and leads to arbitrary code execution in the host kernel context.
Proof‑of‑Concept Exploit
The released PoC demonstrates how ITScape can be triggered entirely from the guest VM without any host interaction.
- Exploit Mechanism → Crafted GIC/ITS MMIO operations trigger a flaw in KVM’s interrupt handling logic.
- Execution Result → Host‑level code execution confirmed by creating a file named /ITScape on the host with root ownership.
- Environment → Runs within QEMU TCG to emulate an ARM64 host using KVM self‑tests.
Although the PoC is not weaponized for real‑world attacks, it reliably demonstrates the complete exploit chain — from guest trigger to host compromise.
Real‑World Risk
Researcher Hyunwoo Kim noted that attackers familiar with cloud infrastructure could adapt the technique by tuning memory offsets, timing conditions, and kernel‑specific parameters.
| Environment | Risk Level | Notes |
|---|---|---|
| Public Cloud Providers | 🔴 Critical | Multi‑tenant ARM64 hosts allow VM escape and cross‑tenant compromise |
| Private Cloud Deployments | 🟠 High | Untrusted guest VMs can gain host control |
| x86 Systems | 🟢 Unaffected | Vulnerability specific to ARM64 KVM subsystem |
This vulnerability poses a serious threat to cloud providers using ARM64 infrastructure, where users often have root access to their own VMs. A successful exploit could allow an attacker to escape their VM, gain control of the host, and compromise other tenants sharing the same hardware.
Mitigation and Recommendations
Security teams should act immediately to protect ARM64 KVM environments:
- Apply Patch → Update to the latest kernel commit (13031fb6b835).
- Monitor VM Behavior → Watch for unusual interrupt activity or unexpected host file creation.
- Restrict Untrusted Guests → Limit root access and segregate multi‑tenant workloads.
- Enable Kernel Hardening → Use memory sanitizers and race detectors to reduce attack surface.
- Stay Alert for New KVM Escapes → Follow ongoing research into similar guest‑to‑host techniques.
Expert in the Cloud Insight
The release of a working PoC for ITScape marks a turning point in ARM64 virtualization security. It proves that guest‑to‑host escapes are not just theoretical — they are demonstrable and adaptable.
For cloud architects and security leaders, the lesson is clear: virtualization boundaries are not absolute. Kernel‑level race conditions can collapse those boundaries in seconds. Timely patching and continuous monitoring are the only defenses against this new class of hypervisor threats.