ITScape KVM/arm64 Escape Flaw Exposes Hosts to Guest-Led Kernel RCE
A critical guest-to-host escape vulnerability in KVM on arm64 systems, tracked as CVE-2026-46316 and dubbed ITScape, was publicly disclosed with working proof-of-concept exploit code. Researcher Hyunwoo Kim reported that the flaw resides in the in-kernel vGIC-ITS implementation, where a race condition and double-put use-after-free in vgic_its_invalidate_cache() can be triggered entirely from an untrusted guest VM, allowing execution of commands on the host with kernel privileges.
The issue affects arm64 Linux kernels spanning builds from late April 2024 through early June 2026 and raises particular concern for multi-tenant public cloud environments running unpatched arm64 KVM hosts. The published PoC reportedly demonstrates host-kernel code execution on aarch64, including creation of a root-owned /ITScape file on the host, while Linux kernel maintainers have already merged a fix that changes vgic_put_irq() handling based on the return value of xa_erase(). The disclosure also advises applying additional related patches, including one addressing CVE-2026-46317.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Linux mainline kernel patch for CVE-2026-46316 is merged
The disclosure states that Linux kernel maintainers merged a patch for CVE-2026-46316 in the mainline kernel. The fix changes vgic_put_irq() so its cache reference is dropped only based on the value returned by xa_erase().
Hyunwoo Kim publicly discloses ITScape KVM escape with PoC
Hyunwoo Kim publicly disclosed CVE-2026-46316, dubbed ITScape, a guest-to-host escape vulnerability in KVM on arm64 systems, and stated that a working exploit and proof-of-concept had been developed. The flaw was described as a double-put use-after-free in the KVM/arm64 vGIC-ITS implementation that can let a guest execute commands on the host with kernel privileges.
Linux patches CVE-2026-46316 after embargoed disclosure
Hyunwoo Kim reported CVE-2026-46316 through an embargoed disclosure to linux-distros@vs.openwall.org, and Linux patched the flaw in commit 13031fb6b835. The reference dates that patch to 2026-06-05, before the later public disclosure and mainline merge reporting.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
PoC Exploit Released for Guest-to-Host Escape Linux Kernel Vulnerability
cybersecuritynews.com
Open sourceITScape KVM Escape: CVE-2026-46316 PoC Exploit Disclosed
securityonline.info
Open sourceGitHub - V4bel/ITScape · GitHub
github.com
Open sourceoss-sec: ITScape: Guest-to-Host Escape in KVM/arm64 (CVE-2026-46316)
seclists.org
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Xen Advisories Disclose Linux Guest Kernel Flaws Enabling Privilege Escalation
Xen has disclosed two Linux guest kernel vulnerabilities affecting virtualized environments, warning that both issues require patching and have no known mitigations. **CVE-2026-31786** (`XSA-485`) affects Linux kernels **4.13 and later** in Xen domains through unsafe handling of the binary build ID exposed at `/sys/hypervisor/properties/buildid`. The bug uses `sprintf()` on a non-null-terminated binary value, which can trigger an out-of-bounds read and, in rare cases, a write past the 4 KB sysfs buffer, potentially leading to **information disclosure, denial of service, or privilege escalation** inside Linux Xen guests. A second advisory, **CVE-2026-31787** (`XSA-487`), describes a **double-free** flaw in the Linux **Xen `privcmd` driver** that allows a **root user in a Linux guest** to bypass kernel lockdown protections tied to secure boot. Xen said the issue affects Linux **PVH or HVM domains** on **x86 and Arm** from kernel **3.8 onward**, while PV domains and non-Linux guests are not affected. The vulnerabilities were reported by **Frediano Ziglio of XenServer** and **Atharva Vartak (@0xAth4rv)**, respectively, and Xen urged operators to apply the supplied Linux patches.
Apr 30, 2026
Critical Arm TLBI Flaw Enables Privilege Escalation Across Exception Levels
Arm disclosed **CVE-2025-10263**, a critical flaw in many Arm CPU cores that can let memory accesses complete incorrectly during permission changes, creating a path for writes to resources owned by a higher exception level. The issue stems from a timing condition in TLB invalidation handling where completion of a `TLBI` is not guaranteed to mean all affected memory accesses have completed, leaving stale translations usable across privilege boundaries. Affected processors include multiple **Arm Neoverse** and **Cortex** cores as well as **NVIDIA Olympus**, and the flaw has implications for Stage 1, Stage 2, and **GPT** protections used for memory isolation and virtualization. Vendors and projects released coordinated advisories and patches after disclosure. **Linux** posted kernel fixes implementing Arm's software workaround, which adds an extra `TLBI` and `DSB` in certain invalidation paths, while **NVIDIA** issued a related mitigation for Olympus-based Vera CPUs. **Xen** published **XSA-493 v2**, warning that on multi-core Arm systems a malicious guest could potentially keep writing after Stage 2 permissions were changed, enabling hypervisor-level privilege escalation; patches were released for `xen-unstable` and supported stable branches from **Xen 4.17** through **4.21**. **FreeBSD** also issued an `arm64` security advisory covering the hardware issue.
Jun 10, 2026
KVM Shadow Paging Use-After-Free Exposes x86 Hosts to Guest-Triggered Memory Corruption
A use-after-free vulnerability in KVM's shadow paging code was disclosed after researchers Alexander Bulekov and Fred Griffoul of Amazon found stale reverse mappings in shadow EPT through fuzzing. The flaw affects x86 guests and is exploitable when nested virtualization is enabled on Intel or AMD processors, or when systems use shadow paging with EPT or NPT disabled. Maintainers said the bug can lead to kernel memory corruption and denial of service on the host, making it a guest-to-host risk in affected virtualization setups. The disclosure was coordinated by Sandipan Roy, who said reporters and maintainers agreed to an embargo that ended on March 29, 2026 at 16:00 UTC. Solar Designer said the issue had first been shared with the `linux-distros` list on March 10, 2026 and acknowledged the embargo exceeded that list's usual 14-day limit without prior approval, though it was allowed because the overrun was moderate and multiple stakeholders were already involved. The discussion also noted that on Linux kernels `6.16` and newer, the reproducer hits a `WARN` introduced by commit `11d45175111d`, raising questions about whether `panic_on_warn` could reduce exploitability.
Mar 31, 2026