PoC Exploit Released for Linux Kernel Guest-to-Host Escape Vulnerability
https://gbhackers.com/poc-exploit-released-for-linux-kernel-vulnerability/
Publish Date: 2026-06-11 03:20:00
Source Domain: gbhackers.com
A proof-of-concept (PoC) exploit has been publicly released for a critical Linux kernel vulnerability, tracked as CVE-2026-46316, enabling guest-to-host escape in KVM/arm64 environments.
The flaw, dubbed “ITScape” by security researcher Hyunwoo Kim (V4bel), affects the Kernel-based Virtual Machine (KVM) subsystem and allows a malicious guest virtual machine to execute arbitrary commands on the host with full kernel (root) privileges.
The issue has drawn significant attention due to its impact on virtualization security, particularly in multi-tenant cloud environments running ARM64 infrastructure.
PoC Exploit Released for Linux Kernel Flaw
The vulnerability resides in the vGIC-ITS (Virtual Generic Interrupt Controller – Interrupt Translation Service) emulation logic within the in-kernel KVM implementation.
Specifically, it is caused by a race condition that leads to a “double-put” scenario, ultimately enabling host kernel code execution.
Unlike traditional VM escape vulnerabilities that often target QEMU user-space components, ITScape exists entirely within the Linux kernel, making it more severe as exploitation yields direct kernel-level access rather than user-space process compromise.
According to the technical documentation and PoC released on GitHub, the exploit chain can be triggered purely through guest-side actions, without requiring interaction with user-space emulation layers.
The PoC demonstrates how a crafted guest workload performing specific GIC/ITS memory-mapped I/O (MMIO) operations can trigger the race condition, escape the virtualized environment, and execute code on the host.
Successful exploitation is verified by the creation of a file named “/ITScape” on the host system, owned by root, confirming privilege escalation beyond the guest boundary.
The released PoC is designed for controlled testing environments and uses QEMU TCG to emulate an ARM64 system, allowing researchers to reproduce the…