{"id":270055,"date":"2026-06-11T03:20:00","date_gmt":"2026-06-11T07:20:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/11\/poc-exploit-released-for-linux-kernel-guest-to-host-escape-vulnerability\/"},"modified":"2026-06-11T06:20:13","modified_gmt":"2026-06-11T10:20:13","slug":"poc-exploit-released-for-linux-kernel-guest-to-host-escape-vulnerability","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/11\/poc-exploit-released-for-linux-kernel-guest-to-host-escape-vulnerability\/","title":{"rendered":"PoC Exploit Released for Linux Kernel Guest-to-Host Escape Vulnerability"},"content":{"rendered":"<p><a href=\"https:\/\/gbhackers.com\/poc-exploit-released-for-linux-kernel-vulnerability\/\">PoC Exploit Released for Linux Kernel Guest-to-Host Escape Vulnerability<\/a><\/p>\n<p><a href=\"https:\/\/gbhackers.com\/poc-exploit-released-for-linux-kernel-vulnerability\/\">https:\/\/gbhackers.com\/poc-exploit-released-for-linux-kernel-vulnerability\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-11 03:20:00<\/a><\/p>\n<p>Source Domain: <a href=\"gbhackers.com\">gbhackers.com<\/a><\/p>\n<p class=\"wp-block-paragraph\">A proof-of-concept (PoC) exploit has been publicly released for a critical Linux kernel vulnerability, tracked as CVE-2026-46316, enabling guest-to-host escape in KVM\/arm64 environments. <\/p>\n<p class=\"wp-block-paragraph\">The flaw, dubbed \u201cITScape\u201d by security researcher Hyunwoo Kim (V4bel), affects the Kernel-based Virtual Machine (KVM) subsystem and allows a malicious guest virtual machine to execute arbitrary commands on the host with full kernel (root) privileges. <\/p>\n<p class=\"wp-block-paragraph\">The issue has drawn significant attention due to its impact on virtualization security, particularly in multi-tenant cloud environments running ARM64 infrastructure.<\/p>\n<h2 id=\"h-poc-exploit-released-for-linux-kernel-flaw\" class=\"wp-block-heading\"><strong>PoC Exploit Released for Linux Kernel Flaw<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">The vulnerability resides in the vGIC-ITS (Virtual Generic Interrupt Controller \u2013 Interrupt Translation Service) emulation logic within the in-kernel KVM implementation. <\/p>\n<p class=\"wp-block-paragraph\">Specifically, it is caused by a race condition that leads to a \u201cdouble-put\u201d scenario, ultimately enabling host kernel code execution. <\/p>\n<p class=\"wp-block-paragraph\">Unlike traditional VM escape vulnerabilities that often target QEMU user-space components, ITScape exists entirely within the Linux kernel, making it more severe as exploitation yields direct kernel-level access rather than user-space process compromise.<\/p>\n<p class=\"wp-block-paragraph\">According to the technical documentation and PoC released on GitHub, the exploit chain can be triggered purely through guest-side actions, without requiring interaction with user-space emulation layers. <\/p>\n<p class=\"wp-block-paragraph\">The PoC demonstrates how a crafted guest workload performing specific GIC\/ITS memory-mapped I\/O (MMIO) operations can trigger the race condition, escape the virtualized environment, and execute code on the host. <\/p>\n<p class=\"wp-block-paragraph\">Successful exploitation is verified by the creation of a file named \u201c\/ITScape\u201d on the host system, owned by root, confirming privilege escalation beyond the guest boundary.<\/p>\n<p class=\"wp-block-paragraph\">The released PoC is designed for controlled testing environments and uses QEMU TCG to emulate an ARM64 system, allowing researchers to reproduce the&#8230;<\/p>\n<p><a href=\"https:\/\/gbhackers.com\/poc-exploit-released-for-linux-kernel-vulnerability\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>PoC Exploit Released for Linux Kernel Guest-to-Host Escape Vulnerability https:\/\/gbhackers.com\/poc-exploit-released-for-linux-kernel-vulnerability\/ Publish Date: 2026-06-11 03:20:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":270056,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/06\/PoC-Exploit-Released-for-Linux-Kernel-Guest-to-Host-Escape-Vulnerability-1.webp","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,31,89,71,57,27],"class_list":["post-270055","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-exploit","tag-flaw","tag-linux","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/270055"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=270055"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/270055\/revisions"}],"predecessor-version":[{"id":270057,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/270055\/revisions\/270057"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/270056"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=270055"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=270055"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=270055"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}