CVE-2026-46316: KVM arm64 Guest Escapes to Host


Security researcher Hyeonwoo Kim has disclosed a vulnerability, named ITScape, in the KVM hypervisor on arm64 that allows a guest virtual machine to escape to its host.

Critical Severity in the Linux Kernel, Not QEMU

The flaw carries the identifier CVE-2026-46316 and scores 9.3 on the CVSS 3.1 scale, rated Critical. Unusually, the problem does not reside in QEMU, the userspace component where researchers commonly look for such issues. Instead, it lives in the Linux kernel itself, specifically within the KVM implementation for arm64. A race condition in the emulation of the vGIC-ITS (the Interrupt Translation Service of the virtual Generic Interrupt Controller) allows a guest to influence how the host kernel processes interrupts, and ultimately to execute arbitrary code on the host.

Host Kernel Privileges After a Successful Escape

The most alarming aspect of ITScape lies in the privileges an attacker gains. When the attack succeeds, code executes not with the rights of the userspace VMM process (such as QEMU) but with full host kernel privileges. In the researcher's demonstration, the exploit escaped the guest and created a file at /ITScape on the host as uid 0 (root).

The author describes this as the first publicly documented guest-to-host escape specifically targeting KVM on arm64. An attacker must already be operating inside the guest and must hold kernel-level privileges within it. In cloud environments that precondition is usually met by default, since customers typically have root inside their own virtual machines, which is normally enough to run code in the guest kernel.

Proof of Concept, Without Full Weaponization

A fully weaponized exploit has not been published. The available demonstration builds on KVM test code from the Linux source tree and is designed to reproduce the bug safely, including under QEMU's TCG software emulation. Even so, the researcher warns that an attacker with deep knowledge of a specific cloud platform's internals could adapt the attack chain to a real environment by mapping out addresses, offsets, race timing, and kernel parameters. The ITScape proof-of-concept code and technical write-up are available on GitHub.

Affected Versions and Scope

ITScape affects Linux kernels from commit 8201d1028caa (April 25, 2024) until commit 13031fb6b835 (June 5, 2026), which fixes the issue. The vulnerability is confined to KVM on arm64 and does not affect x86, since the faulty code resides exclusively in the arm64-specific directory arch/arm64/kvm/vgic/.

Recommendations for Administrators and Cloud Users

Administrators running arm64 hosts with KVM, particularly in multi-tenant environments, should verify that their kernel includes the fix from commit 13031fb6b835. Distribution kernels usually backport such a fix under a different commit hash while keeping their version string, so the distribution's own advisory, not the upstream version number alone, is the reliable reference. Cloud customers on arm64 hardware are advised to check with their provider about the update status. The researcher also considers ITScape the first representative of a new class of bugs and expects similar findings to emerge, while urging that any future variants be evaluated independently to determine whether they can be triggered from within the guest alone and whether they are suitable for real-world exploitation.
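As an added example (it is not the advisory's code and not part of the ITScape repository), the following POSIX shell helper turns the recommendation above into a check an administrator can run: it decides whether a host is even in scope (arm64 with KVM exposed), and for a self-built kernel it inspects the git tree the kernel came from to classify it as unaffected, vulnerable or fixed. The two commit hashes are the ones the advisory names; the function names, the status words and the KERNEL_SRC variable are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory or the ITScape repository: a POSIX sh
# helper to decide whether a host is in scope for CVE-2026-46316 and, for a
# self-built kernel, whether the fixing commit is present in its source tree.

INTRO_COMMIT=8201d1028caa   # first affected commit (hash from the advisory)
FIX_COMMIT=13031fb6b835     # fixing commit (hash from the advisory)

# in_scope ARCH KVM_DEVICE: succeed only for an arm64 host that exposes KVM.
# Parameters are explicit so the check can be exercised with sample values.
in_scope() {
    arch=$1
    kvm_dev=$2
    [ "$arch" = "aarch64" ] || return 1   # x86 hosts are not affected
    [ -c "$kvm_dev" ] || return 1         # no KVM device node: KVM not in use
    return 0
}

# commit_reachable SRC COMMIT REF: succeed if COMMIT is an ancestor of REF,
# or if a commit in REF's history quotes COMMIT in its message (stable
# backports are cherry-picks with new hashes that cite the upstream hash).
commit_reachable() {
    src=$1
    commit=$2
    ref=$3
    if git -C "$src" merge-base --is-ancestor "$commit" "$ref" 2>/dev/null; then
        return 0
    fi
    [ -n "$(git -C "$src" log --grep="$commit" --format=%H "$ref" 2>/dev/null)" ]
}

# tree_status SRC [REF]: print one of unknown|unaffected|vulnerable|fixed for
# the kernel source tree SRC at REF (default HEAD). "unknown" covers a missing
# tree, a missing git binary or an unresolvable ref.
tree_status() {
    src=$1
    ref=${2:-HEAD}
    if ! git -C "$src" rev-parse --verify "$ref" >/dev/null 2>&1; then
        echo unknown
        return 1
    fi
    if ! commit_reachable "$src" "$INTRO_COMMIT" "$ref"; then
        echo unaffected       # history predates the bug's introduction
    elif commit_reachable "$src" "$FIX_COMMIT" "$ref"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Live report for the machine this runs on. KERNEL_SRC (assumed variable), if
# set, should point at the git checkout the running kernel was built from.
report() {
    arch=$(uname -m)
    if in_scope "$arch" /dev/kvm; then
        echo "host: arm64 with KVM, kernel $(uname -r): in scope for CVE-2026-46316"
    else
        echo "host: arch $arch, KVM device absent or not arm64: not in scope"
    fi
    if [ -n "${KERNEL_SRC:-}" ]; then
        echo "source tree $KERNEL_SRC: $(tree_status "$KERNEL_SRC")"
    fi
}

report
```

The ancestry test needs full history, so a shallow clone reports "unaffected" for any tree; the message grep is what catches a stable backport, which carries a new hash but conventionally quotes the upstream one. For a distribution kernel installed from packages there is no tree to inspect, and the distribution's advisory remains the authoritative answer.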
