PoC Released for ITScape Linux Kernel KVM Escape Vulnerability
A public proof-of-concept exploit has been released for CVE-2026-46316, a Linux kernel vulnerability that affects KVM on arm64 systems.
The flaw, called ITScape, can allow a malicious guest virtual machine to escape to the host and execute commands with host kernel privileges. The issue matters most for arm64 KVM hosts that run untrusted or multi-tenant virtual machines.
The public ITScape write-up says the bug lives in the in-kernel KVM implementation, not in QEMU user space. That makes successful exploitation more serious because it can directly compromise the host kernel rather than a user-space emulator process.
ITScape Targets KVM on arm64 Hosts
The vulnerability sits in the vGIC-ITS emulation code used by KVM on arm64. vGIC-ITS, or virtual Generic Interrupt Controller Interrupt Translation Service, helps manage interrupt translation for virtual machines on ARM systems.
According to the researcher’s disclosure on oss-security, ITScape can be triggered from inside a guest VM and can lead to command execution on the host with root-level kernel privileges.
The root cause is a race condition in the Linux kernel’s vgic_its_invalidate_cache() function. The bug can cause a double-put use-after-free condition when multiple invalidation paths interact with the same cache entry.
| Item | Details |
|---|---|
| CVE | CVE-2026-46316 |
| Name | ITScape |
| Affected component | Linux kernel KVM, arm64 vGIC-ITS |
| Impact | Guest-to-host escape with host kernel privilege |
| Architecture | arm64 only |
| x86 impact | Not affected by this vulnerability |
Public PoC Shows Full Escape Chain
The released PoC demonstrates the bug through a controlled test setup based on KVM selftests. It runs under QEMU TCG for safer reproduction, but the flaw itself is unrelated to QEMU emulation.
In the demonstration, guest code performs crafted GIC and ITS MMIO operations. Those operations trap into the host’s in-kernel KVM code, trigger the double-put condition, and lead to host kernel code execution.

Successful exploitation in the PoC creates a file named /ITScape on the host with root ownership. The author says the released version is demonstration code, not a ready-to-run cloud exploit.
Patch Landed in Linux Mainline
The fix landed in the Linux kernel through commit 13031fb6b835. The patch changes how KVM drops translation cache references so that a reference is dropped only for the entry that the current context actually removed.
OSV’s Ubuntu entry lists the vulnerability with a CVSS v3.1 score of 9.3 and describes the same cache reference issue in Ubuntu’s CVE data. Vendor severity ratings still vary, so administrators should check their own distribution advisories and kernel package status.
The affected upstream range is tied to the introduction of the per-ITS translation cache in April 2024 and the mainline fix in June 2026. Operators should not rely only on kernel version numbers because distributions may backport fixes into older supported kernels.
- Patch arm64 KVM hosts that run untrusted guests.
- Confirm whether upstream fix commit 13031fb6b835 has been applied or backported to the running host kernel.
- Check cloud provider advisories if you run workloads on arm64 virtual machines.
- Monitor for unusual guest behavior on multi-tenant virtualization hosts.
- Restrict untrusted guest access where patching cannot happen immediately.
Why Cloud Providers Should Treat It Seriously
ITScape is especially relevant for public cloud and hosting environments built on arm64 KVM. In many cloud setups, customers have root access inside their own virtual machines, which can satisfy the guest-side privilege requirement needed to drive the vulnerable interrupt paths.
ReversingLabs notes that the issue threatens multi-tenant arm64 cloud environments because successful exploitation can yield host root. Its research also provides detection ideas, including YARA rules for known PoC artifacts.
The risk is narrower for standard Linux desktops, x86 servers, and arm64 systems that do not run KVM guests. The vulnerability is in the arm64 KVM vGIC path, so x86 virtualization hosts do not fall under this specific issue.
Admins Should Verify Kernel Fixes Now
Security teams should prioritize host-side patching. Updating guest operating systems alone does not remove the risk if the vulnerable host kernel remains in use.
The safest mitigation is to apply vendor-provided kernel updates or confirm that the upstream Linux kernel patch has been backported. Teams should also review OSV vulnerability data and distribution trackers for package-specific status.
For larger environments, defenders can combine patch verification with exploit monitoring. The ReversingLabs analysis includes indicators and detection guidance, while the original oss-security disclosure explains the vulnerability class and disclosure context.
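The action list above and the verification guidance in this section can be turned into a repeatable host-side triage check. The POSIX shell script below is an added example, not code from the article, the researcher's PoC, or the ReversingLabs analysis. It assumes the operator supplies the path to a kernel package changelog to search; the /ITScape artifact path and the commit id 13031fb6b835 come from the article. A changelog hit is only a hint that the fix was backported, and a miss is not proof the host is vulnerable, so the result should be cross-checked against the distribution advisory.

```shell
#!/bin/sh
# Added example: exposure triage for CVE-2026-46316 (ITScape) on a KVM host.
# Plain POSIX sh; the checks take their inputs as arguments so they can be
# exercised offline, and live_check wires them to the running host.

# classify_host ARCH HAS_KVM
# Prints "arm64-kvm-host" when the host is arm64 and exposes /dev/kvm (the only
# combination the article describes as in scope), "not-arm64" for other
# architectures, and "no-kvm" for arm64 hosts that do not run KVM guests.
classify_host() {
    arch="$1"
    has_kvm="$2"
    case "$arch" in
        aarch64|arm64) ;;
        *) echo "not-arm64"; return 0 ;;
    esac
    if [ "$has_kvm" = "yes" ]; then
        echo "arm64-kvm-host"
    else
        echo "no-kvm"
    fi
}

# artifact_present PATH
# The public PoC creates /ITScape owned by root on the host; finding that file
# on a production host is a cheap indicator worth alerting on. Exit 0 if present.
artifact_present() {
    [ -e "$1" ]
}

# fix_referenced CHANGELOG
# Searches an operator-supplied package changelog (assumed path) for the
# upstream fix commit id from the advisory. Exit 0 on a hit.
fix_referenced() {
    grep -q "13031fb6b835" "$1" 2>/dev/null
}

# live_check [CHANGELOG]
# Runs the checks against the current host and prints a short report.
live_check() {
    arch="$(uname -m)"
    if [ -c /dev/kvm ]; then has_kvm=yes; else has_kvm=no; fi
    echo "host class: $(classify_host "$arch" "$has_kvm")"
    if artifact_present /ITScape; then
        echo "WARNING: /ITScape exists on this host (known PoC artifact)"
    fi
    if [ -n "${1:-}" ]; then
        if fix_referenced "$1"; then
            echo "changelog $1 references fix commit 13031fb6b835 (verify with vendor advisory)"
        else
            echo "changelog $1 does not mention 13031fb6b835; check distribution tracker"
        fi
    fi
}

# Run the live report only when invoked as: sh itscape_check.sh --live [CHANGELOG]
case "${1:-}" in
    --live) live_check "${2:-}" ;;
esac
```

Only an arm64 host with /dev/kvm is classified as in scope, which matches the article's statement that x86 hosts and arm64 systems without KVM guests are outside this issue; the patched state still has to be confirmed separately, which is why the changelog search reports a hint rather than a verdict.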
FAQ
What is CVE-2026-46316?
CVE-2026-46316 is a Linux kernel vulnerability in KVM on arm64 systems. It affects the vGIC-ITS emulation code and can allow a guest virtual machine to escape to the host under specific conditions.
What is ITScape?
ITScape is the name given to the CVE-2026-46316 KVM escape vulnerability. It targets arm64 KVM hosts and can lead to host kernel-level command execution from a guest VM.
Does ITScape affect x86 systems?
No. The vulnerability is specific to the arm64 KVM vGIC code path. x86 systems are not affected by this specific vulnerability.
Is the public PoC a ready-to-run exploit?
No. The released code demonstrates the exploit chain in a controlled test setup. The researcher says it is not a ready-to-run exploit for arm64 cloud environments.
What should administrators do?
Administrators should update affected arm64 KVM host kernels through their Linux distribution or confirm that the upstream fix has been applied or backported. Updating guest systems alone does not fix a vulnerable host kernel.