{"id":270282,"date":"2026-06-11T08:29:00","date_gmt":"2026-06-11T12:29:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/11\/poc-exploit-released-for-guest-to-host-escape-linux-kernel-vulnerability\/"},"modified":"2026-06-11T10:30:13","modified_gmt":"2026-06-11T14:30:13","slug":"poc-exploit-released-for-guest-to-host-escape-linux-kernel-vulnerability","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/11\/poc-exploit-released-for-guest-to-host-escape-linux-kernel-vulnerability\/","title":{"rendered":"PoC Exploit Released for Guest-to-Host Escape Linux Kernel Vulnerability"},"content":{"rendered":"<p><a href=\"https:\/\/cybersecuritynews.com\/poc-exploit-released-linux-kernel-vulnerability\/\">PoC Exploit Released for Guest-to-Host Escape Linux Kernel Vulnerability<\/a><\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/poc-exploit-released-linux-kernel-vulnerability\/\">https:\/\/cybersecuritynews.com\/poc-exploit-released-linux-kernel-vulnerability\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-11 08:29:00<\/a><\/p>\n<p>Source Domain: <a href=\"cybersecuritynews.com\">cybersecuritynews.com<\/a><\/p>\n<p class=\"wp-block-paragraph\">A proof-of-concept (PoC) exploit has been released for a critical Linux kernel vulnerability, CVE-2026-46316, that enables a guest-to-host escape in KVM environments on arm64 systems.<\/p>\n<p class=\"wp-block-paragraph\">The flaw, named \u201cITScape,\u201d allows attackers to break out of a virtual machine and execute arbitrary commands on the host with full kernel-level privileges.<\/p>\n<p class=\"wp-block-paragraph\">The vulnerability was discovered by security researcher Hyunwoo Kim (V4bel) and affects the in-kernel KVM implementation rather than user-space components like QEMU.<\/p>\n<p class=\"wp-block-paragraph\">This makes the issue particularly severe, as exploitation results in a direct compromise of the host kernel rather than a confined user-space process.<\/p>\n<p class=\"wp-block-paragraph\">ITScape is caused by a race condition in the vGIC-ITS (Interrupt Translation Service) emulation within KVM on arm64.<\/p>\n<p class=\"wp-block-paragraph\">By triggering specific interrupt-related operations from within a guest, an attacker can exploit a \u201cdouble-put\u201d condition that leads to memory corruption.<\/p>\n<p class=\"wp-block-paragraph\">This corruption can then be leveraged to achieve arbitrary code execution in the host kernel context.<\/p>\n<h2 id=\"h-poc-exploit-released-for-linux-kernel-vulnerability\" class=\"wp-block-heading\"><strong>PoC Exploit Released for Linux kernel Vulnerability<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">The released PoC demonstrates how the vulnerability can be triggered entirely from the guest VM without requiring any interaction from the host.<\/p>\n<p class=\"wp-block-paragraph\">In the test setup, the exploit uses KVM self-tests and runs within a QEMU TCG environment to emulate an ARM64 host.<\/p>\n<p class=\"wp-block-paragraph\">The guest code performs crafted GIC\/ITS MMIO operations that trigger a flaw in KVM\u2019s interrupt handling logic, ultimately leading to host-level code execution.<\/p>\n<p class=\"wp-block-paragraph\">\u00a0Successful exploitation is confirmed by creating a file named \u201c\/ITScape\u201d on the host system with root ownership. Although the PoC is not fully weaponized for real-world attacks, it reliably demonstrates the complete exploit chain.<\/p>\n<p class=\"wp-block-paragraph\">Researcher Hyunwoo Kim (V4bel) noted on GitHub that attackers familiar with cloud infrastructure could adapt the technique by tuning memory offsets, timing conditions, and kernel-specific parameters,&#8230;<\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/poc-exploit-released-linux-kernel-vulnerability\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>PoC Exploit Released for Guest-to-Host Escape Linux Kernel Vulnerability https:\/\/cybersecuritynews.com\/poc-exploit-released-linux-kernel-vulnerability\/ Publish Date: 2026-06-11 08:29:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":270284,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"http:\/\/cybersecuritynews.com\/wp-content\/uploads\/2026\/06\/PoC-Exploit-Released-for-Guest-to-Host-Escape-Linux-kernel-Vulnerability.webp","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,31,89,71,57,27],"class_list":["post-270282","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-exploit","tag-flaw","tag-linux","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/270282"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=270282"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/270282\/revisions"}],"predecessor-version":[{"id":270287,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/270282\/revisions\/270287"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/270284"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=270282"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=270282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=270282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}