PoC Exploit Released for Critical Linux KVM Guest-to-Host Escape Vulnerability on ARM64
A proof-of-concept exploit has been published for CVE-2026-46316, a critical race condition in KVM's vGIC-ITS emulation that allows a guest VM to escape to the host kernel on ARM64 systems.

A proof-of-concept (PoC) exploit has been released for a critical Linux kernel vulnerability, CVE-2026-46316, that enables a guest-to-host escape in KVM environments on arm64 systems. The flaw, named “ITScape,” allows an attacker who controls a guest to break out of the virtual machine and run arbitrary code in the host kernel, with full kernel privileges. The vulnerability was discovered by security researcher Hyunwoo Kim (V4bel) and lives in the in-kernel KVM implementation rather than in user-space components such as QEMU. That distinction matters: a bug in the virtual machine monitor process can be contained by the sandboxing typically applied to it (an unprivileged QEMU user, seccomp, namespaces), but exploitation here lands directly in the host kernel, where no such containment exists.
ITScape is caused by a race condition in the vGIC-ITS (Interrupt Translation Service) emulation within KVM on arm64. By issuing specific interrupt-related operations from inside the guest, an attacker can win a race that results in a “double-put”: a reference-counted kernel object has its reference dropped one more time than it was taken, so the object is typically released while a code path still holds a pointer to it. The resulting use-after-free is the memory-corruption primitive that the exploit turns into arbitrary code execution in the host kernel context. The released PoC triggers the bug entirely from within the guest VM, with no cooperation from the host.
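The article does not publish the exact KVM code paths involved, so the following is an added, hypothetical model of the bug class it describes, not KVM's vGIC-ITS code and not the researcher's PoC. It shows how a "double put" arises when one path looks an object up without taking a reference while a second, guest-triggered path drops the last reference in between; a deterministic schedule string replaces real concurrency so the interleaving can be replayed. All names (obj, ctx, step_a, step_b, run_schedule) are invented for the illustration, and the release path only counts frees instead of calling a real allocator so the outcome stays inspectable.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical reference-counted object; stands in for a KVM-managed ITS structure. */
struct obj {
    int refcount;   /* outstanding references */
    int frees;      /* times the release path ran; 2 means a double free */
    bool uaf;       /* set if the object was used after its first release */
};

/* Per-run state: a one-slot lookup table plus the two racing paths. */
struct ctx {
    struct obj *table;   /* the table's reference keeps the object alive */
    struct obj *a;       /* pointer held by path A (an MMIO handler) */
    struct obj *b;       /* pointer held by path B (guest-triggered teardown) */
    int a_step, b_step;
    bool fixed;
};

static void obj_get(struct obj *o) { o->refcount++; }

static void obj_put(struct obj *o)
{
    if (--o->refcount == 0)
        o->frees++;   /* stands in for kfree(); counting keeps the model inspectable */
}

static void obj_use(struct obj *o)
{
    if (o->frees)
        o->uaf = true;   /* touching memory after it was released */
}

/* Path A: find the object, take a reference, use it, drop the reference. */
static void step_a(struct ctx *c)
{
    int step = c->a_step++;
    if (c->fixed) {
        /* Fixed: lookup and get happen under the table lock, as one atomic step. */
        switch (step) {
        case 0: c->a = c->table; if (c->a) obj_get(c->a); break;
        case 1: if (c->a) obj_use(c->a); break;
        case 2: if (c->a) obj_put(c->a); break;
        }
        return;
    }
    /* Vulnerable: lookup returns a borrowed pointer; the get comes after the lock is dropped. */
    switch (step) {
    case 0: c->a = c->table; break;
    case 1: if (c->a) obj_get(c->a); break;
    case 2: if (c->a) obj_use(c->a); break;
    case 3: if (c->a) obj_put(c->a); break;
    }
}

/* Path B: teardown removes the table entry and drops the table's reference. */
static void step_b(struct ctx *c)
{
    switch (c->b_step++) {
    case 0: c->b = c->table; c->table = NULL; break;
    case 1: if (c->b) obj_put(c->b); break;
    }
}

/* Run one interleaving: each 'A' or 'B' in the schedule advances that path by one step. */
struct obj run_schedule(bool fixed, const char *schedule)
{
    struct obj o = { .refcount = 1, .frees = 0, .uaf = false };  /* table holds the only reference */
    struct ctx c = { .table = &o, .a = NULL, .b = NULL, .a_step = 0, .b_step = 0, .fixed = fixed };
    for (const char *p = schedule; *p; p++) {
        if (*p == 'A') step_a(&c);
        else if (*p == 'B') step_b(&c);
    }
    return o;
}

int main(void)
{
    const char *race = "ABBAAA";   /* teardown slips in between A's lookup and A's get */
    struct obj v = run_schedule(false, race);
    struct obj f = run_schedule(true, race);
    printf("vulnerable: refcount=%d frees=%d uaf=%d\n", v.refcount, v.frees, v.uaf);
    printf("fixed:      refcount=%d frees=%d uaf=%d\n", f.refcount, f.frees, f.uaf);
    return 0;
}
```

With the racing schedule the vulnerable variant releases the object once from path B, then path A takes a reference on the already-released object, uses it, and releases it a second time; the fixed variant holds its own reference from the moment of lookup, so B's put only drops the count to one and the single release happens after A is done. The benign schedule "AAAABB" behaves correctly in both variants, which is why such bugs survive testing until a guest deliberately hammers the two paths concurrently.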
In the published test setup, the PoC is built on the kernel's KVM selftests framework and is run inside a QEMU TCG virtual machine that emulates an ARM64 host, so the whole host-plus-guest stack can be reproduced on ordinary hardware. The guest code performs crafted GIC/ITS MMIO operations that trigger the flaw in KVM’s interrupt-handling logic and ultimately lead to host-level code execution. Success is confirmed by the appearance of a root-owned file named “/ITScape” on the host. Although the PoC is not weaponized for real-world attacks, it reliably demonstrates the complete exploit chain, and the marker file is a simple indicator to look for on any host where the PoC may have been run.
Researcher Hyunwoo Kim (V4bel) noted on GitHub that attackers familiar with cloud infrastructure could adapt the technique by tuning memory offsets, timing conditions, and kernel-specific parameters, making real-world exploitation feasible. The vulnerable code was introduced in April 2024 by commit 8201d1028caa and fixed in early June 2026 by commit 13031fb6b835; any kernel that contains the first commit but not the second is affected. Because distributions backport fixes into their own kernel branches, affected status should be checked against the distribution’s advisory for these commits rather than inferred from the upstream version number or the date alone. Systems running such kernels as ARM64 KVM hosts are exposed, particularly those hosting untrusted or multi-tenant workloads.
This issue is especially concerning for public cloud providers that offer ARM64 instances, where customers routinely have root access inside their own virtual machines, which is all the flaw requires. In such an environment the vulnerability could allow a tenant to escape the VM, take control of the host kernel, and from there read or tamper with other tenants’ workloads running on the same machine. The bug does not affect x86 hosts: it lies in the arm64-specific vGIC-ITS emulation under arch/arm64/kvm, which has no counterpart in the x86 KVM code. It is the host architecture that matters, not the guest’s operating system.
Security teams are strongly advised to apply the available patch immediately and to verify that the fix is actually in effect: a kernel package update does not take effect until the host is rebooted into the new kernel, so compare the running kernel (for example, the output of uname -r) against the fixed version named in the vendor’s advisory. Until hosts are patched, additional precautions include moving untrusted guests off unpatched ARM64 KVM hosts, monitoring for unusual VM behavior, and staying alert for further research into similar KVM escape techniques. The release of a working PoC significantly raises the likelihood of exploitation, making timely patching and proactive monitoring essential for affected environments.
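The checks that the test-setup description and the remediation advice above call for (is this an arm64 KVM host, is the running kernel at or above the fixed version, does the PoC's /ITScape marker exist) as an added triage script. This is not part of the advisory or the researcher's PoC. It assumes a Linux host with GNU-style sort -V, takes the fixed kernel version from a FIXED_KERNEL environment variable because the article gives only commit IDs, and uses open file descriptors on /dev/kvm as a rough sign that guests are running; function and variable names are the script's own.

```shell
#!/bin/sh
# Added triage helper for ITScape (CVE-2026-46316) exposure. Not from the
# advisory or the PoC. Assumes: arm64 hosts report "aarch64" from uname -m,
# KVM is used through /dev/kvm, FIXED_KERNEL comes from your distro advisory
# for commit 13031fb6b835, and /ITScape is the marker the PoC leaves on success.

# True when the architecture string and KVM device node describe an arm64 KVM
# host. Both values are parameters so the check can run on collected inventory.
arm64_kvm_host() {
    arch=$1
    kvmdev=$2
    [ "$arch" = "aarch64" ] && [ -e "$kvmdev" ]
}

# True when running kernel version $1 is at or above fixed version $2.
# sort -V compares numeric components, so 6.8.0-45-generic < 6.8.0-46-generic.
kernel_at_least() {
    running=$1
    fixed=$2
    lowest=$(printf '%s\n%s\n' "$fixed" "$running" | sort -V | head -n 1)
    [ "$lowest" = "$fixed" ]
}

# Report the PoC's success marker: a file named ITScape under root $1 (empty
# for the live system; a mount point for an offline image). Returns 0 and
# prints the owner when present, so root ownership is visible to the caller.
itscape_indicator() {
    root=${1:-}
    f="$root/ITScape"
    [ -e "$f" ] || return 1
    ls -ld "$f" | awk '{ print $3 }'
}

# Number of open file descriptors on /dev/kvm across all processes: a rough
# "guests are running" signal that needs no libvirt. Needs root to see every
# process's fd table.
kvm_users() {
    ls -l /proc/[0-9]*/fd 2>/dev/null | grep -c ' /dev/kvm$'
}

triage_report() {
    arch=$(uname -m)
    running=$(uname -r)
    fixed=${FIXED_KERNEL:-}
    if arm64_kvm_host "$arch" /dev/kvm; then
        echo "arm64 KVM host: yes (kernel $running, /dev/kvm open by $(kvm_users) fd(s))"
        if [ -z "$fixed" ]; then
            echo "kernel status: FIXED_KERNEL not set; take the version from your distro advisory for commit 13031fb6b835"
        elif kernel_at_least "$running" "$fixed"; then
            echo "kernel status: $running is at or above $fixed"
        else
            echo "kernel status: $running is BELOW $fixed; patch and reboot, or move untrusted guests off this host"
        fi
    else
        echo "arm64 KVM host: no (arch $arch); ITScape does not apply to this host"
    fi
    if owner=$(itscape_indicator ""); then
        echo "indicator: /ITScape exists, owned by $owner; treat as possible exploitation and preserve the host for forensics"
    else
        echo "indicator: /ITScape absent"
    fi
}

# Run the report only when invoked as: sh itscape_triage.sh run
case ${1:-} in
    run) triage_report ;;
esac
```

Run it as root on each ARM64 virtualization host with FIXED_KERNEL set to the version from the vendor advisory (`FIXED_KERNEL=6.x.y sh itscape_triage.sh run`). A version at or above the advisory's threshold is evidence the fix is installed only if the threshold itself came from the advisory: distribution kernels often carry backports without a visible upstream version bump, so comparing against upstream release numbers alone can mislabel a patched host as vulnerable or the reverse. The marker check is a weak indicator (an attacker who has adapted the PoC need not create the file), so its absence proves nothing, while its presence warrants an incident response.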