Critical Linux KVM Flaw Enables Guest-to-Host RCE on ARM64
A proof-of-concept (PoC) exploit has been publicly released for a critical Linux kernel vulnerability, tracked as CVE-2026-46316, that allows a malicious guest virtual machine to escape its virtualized boundary and execute arbitrary code on the host with full root privileges.
Dubbed “ITScape” by security researcher Hyunwoo Kim (V4bel), the flaw impacts the Kernel-based Virtual Machine (KVM) subsystem on ARM64 architectures and poses a significant threat to multi-tenant cloud environments.
The flaw lies in the vGIC-ITS (Virtual Generic Interrupt Controller Interrupt Translation Service) emulation logic within the Linux kernel’s in-kernel KVM implementation. It is triggered by a race condition that leads to a “double-put” scenario, ultimately enabling execution of host kernel code within a guest VM.
What makes ITScape especially severe is its location entirely within the Linux kernel, unlike traditional VM escape vulnerabilities that frequently target QEMU user-space components.
This distinction means successful exploitation yields direct kernel-level access rather than a compromise limited to a user-space process, dramatically raising the potential impact.
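The race the article describes comes down to a reference that is dropped twice. As an added illustration that is not from the article or the kernel, the constructed C toy below replays the worst-case interleaving of two CPUs for a racy test-then-clear release path and for a hardened variant in which the claim is a single atomic exchange; the object, field names and fix pattern are assumptions of this example, not the vGIC-ITS code or the upstream patch.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed toy object, not the kernel's ITS structures. The creator holds
 * one reference; a second reference is owed to a deferred "pending" release. */
struct obj {
    int refcount;
    int pending;    /* 1 while the deferred release has not yet been performed */
    bool freed;
};

static void obj_put(struct obj *o)
{
    if (--o->refcount == 0)
        o->freed = true;   /* destroyed: any remaining holder now has a dangling pointer */
}

/* Racy pattern: "test, then clear" is two separate steps, so two CPUs that both
 * observe pending == 1 before either clears it will both perform the put. */
static bool pending_check_racy(const struct obj *o) { return o->pending != 0; }
static void pending_clear_racy(struct obj *o)       { o->pending = 0; }

/* Hardened pattern: the claim is one atomic exchange, so exactly one caller
 * reads the old value 1 and owns the put; the loser reads 0 and does nothing. */
static bool pending_claim_atomic(struct obj *o)
{
    return __atomic_exchange_n(&o->pending, 0, __ATOMIC_ACQ_REL) != 0;
}

/* Deterministically replays the worst-case interleaving of two racing CPUs
 * and returns the final refcount. The creator still holds its reference, so
 * a result of 0 means the object was torn down under a live reference. */
static int run_scenario(bool hardened)
{
    struct obj o = { .refcount = 2, .pending = 1, .freed = false };
    bool cpu_a, cpu_b;
    if (hardened) {
        cpu_a = pending_claim_atomic(&o);   /* wins, old value 1 */
        cpu_b = pending_claim_atomic(&o);   /* loses, old value 0 */
    } else {
        cpu_a = pending_check_racy(&o);     /* both pass the check ... */
        cpu_b = pending_check_racy(&o);
        pending_clear_racy(&o);             /* ... before either clears the flag */
        pending_clear_racy(&o);
    }
    if (cpu_a) obj_put(&o);
    if (cpu_b) obj_put(&o);                 /* the double put in the racy case */
    return o.refcount;
}
```

In the racy replay the refcount reaches 0 while the creator still holds the object, which is the use-after-free condition a kernel exploit builds on; the atomic claim leaves it at 1.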
According to the technical documentation and the PoC published on GitHub, the exploit chain is triggered solely by guest-side actions.
A crafted guest workload performs specific GIC/ITS memory-mapped I/O (MMIO) operations to trigger the race condition, escape the virtualized environment, and execute code on the host, all without any interaction with user-space emulation layers.
Successful exploitation is confirmed by the creation of a file named /ITScape on the host system, owned by root, verifying privilege escalation beyond the guest boundary.

The PoC is designed for controlled testing environments and uses QEMU TCG to emulate an ARM64 system, built on top of Linux KVM self-tests. To compile it against a vulnerable kernel tree (e.g., Linux v7.1-rc6), the researcher provides the following build invocation:
```bash
./build.sh <linux>/tools/testing/selftests/kvm
```
The compiled binary is then bundled into an initramfs and launched via a helper script:
```bash
./qemu.sh <kernel-image> <initramfs>
```
Inside the emulated environment, the PoC is executed directly as ./poc. The vulnerability affects kernel versions from commit 8201d1028caa (April 2024) to 13031fb6b835 (June 5, 2026), prior to the patch release.
CVE-2026-46316 is particularly alarming for public cloud providers that allow untrusted guest workloads on ARM64 hosts. Because the exploit undermines the fundamental isolation guarantees of virtualization, a successful attack could enable lateral movement, data exfiltration, or a full takeover of the infrastructure across co-hosted tenants.
While the current PoC is not fully weaponized for production cloud environments, the researcher notes that adapting it would be feasible for attackers with knowledge of specific kernel configurations, memory layouts, and timing adjustments.
Patch and Mitigation
The vulnerability was disclosed through a coordinated embargo via the Linux-distros security mailing list, and patches have been released. Security teams should take the following steps immediately:
- Update affected Linux kernels to a patched version
- Restrict untrusted guest execution on ARM64 hosts
- Apply strict VM isolation and sandboxing policies
- Monitor for anomalous KVM activity or interrupt controller behavior
The public release of a functional PoC significantly increases the risk of exploitation, making rapid patching and proactive detection essential for any organization operating ARM64-based virtualization infrastructure.