GitHub - V4bel/ITScape · GitHub

/" data-turbo-transient="true" />

Skip to content

Search or jump to...

Search code, repositories, users, issues, pull requests...

-->

Search

Clear

Search syntax tips

Provide feedback

--><br>We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Cancel

Submit feedback

Saved searches

Use saved searches to filter your results more quickly

-->

Name

Query

To see all available qualifiers, see our documentation.

Cancel

Create saved search

Sign in

/;ref_cta:Sign up;ref_loc:header logged out"}"<br>Sign up

Appearance settings

Resetting focus

You signed in with another tab or window. Reload to refresh your session.<br>You signed out in another tab or window. Reload to refresh your session.<br>You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

{{ message }}

V4bel

ITScape

Public

Notifications<br>You must be signed in to change notification settings

Fork

Star<br>53

main

BranchesTags

Go to file

CodeOpen more actions menu

Folders and files<br>NameNameLast commit message<br>Last commit date<br>Latest commit

History<br>5 Commits<br>5 Commits

assets

assets

README.md

README.md

build.sh

build.sh

kconfig

kconfig

poc.c

poc.c

qemu.sh

qemu.sh

View all files

Repository files navigation

ITScape: Guest-to-Host Escape in KVM/arm64

Abstract

This document describes the ITScape (CVE-2026-46316) vulnerability reported and patched by Hyunwoo Kim (@v4bel). It is a KVM escape vulnerability that lets a guest escape to the host in a KVM/arm64 environment and run commands on the host with kernel (root) privilege. To the best of public knowledge, this is the first guest-to-host escape exploit research targeting KVM/arm64.

ITScape exploits a race condition in the vGIC-ITS (Interrupt Translation Service) emulation of KVM/arm64. It triggers the bug with guest-side actions alone to escape to the host, and it can threaten the guest-host isolation of KVM/arm64 hosts that accept untrusted guests, particularly multi-tenant arm64 public clouds.

Unlike the commonly published QEMU escapes, the bug lives in in-kernel KVM rather than QEMU user-space, so it works independently of QEMU's emulation, and it can run commands on the host with host kernel privilege rather than the privilege of a user process (such as QEMU).

For the detailed technical information, see here.

Note<br>After reporting this vulnerability to linux-distros@vs.openwall.org, the agreed embargo has ended, so this ITScape document is now published. For the disclosure timeline, see the technical detail document.

PoC Structure

For safe testing, running the PoC under QEMU TCG is recommended. (Triggering the vulnerability has nothing to do with QEMU.) When run under QEMU TCG, the PoC has the following structure.

double-put -> HOST kernel code-exec">QEMU TCG: emulates an arm64 CPU (including EL2) so an arm64 kernel runs as the KVM host<br>└─ arm64 Host Kernel: the KVM host and the escape target<br>└─ poc: opens the HOST's /dev/kvm and creates one guest VM "G" (uid=1000)<br>└─ 1. G's guest code (run by poc via KVM_RUN) performs GIC/ITS MMIO<br>2. traps into the HOST's in-kernel KVM -> double-put -> HOST kernel code-exec

This PoC is not a fully weaponized exploit that runs immediately in an arm64 cloud environment, but demonstration code that reproduces the vulnerability and the full exploit chain on top of a kvm selftest. An attacker who knows the target cloud's virtualization stack implementation is expected to find the transition to weaponization itself not difficult, but it entails porting the selftest's host-side direct construction to a real guest-driven path and tuning the addresses, gadget, offsets, race timing, and so on to the target kernel version and config. A weaponized real-world exploit exists but is not being released.

PoC Usage

The PoC is built on top of the kvm selftest in the Linux kernel source. Download the v7.1-rc6 kernel source, the version right before the vulnerability was patched, then build the PoC with the build script. Then build the kernel image with the bundled kconfig.

/tools/testing/selftests/kvm"># ./build.sh /tools/testing/selftests/kvm

Put the built PoC into a suitable initramfs, then run qemu based on the attached QEMU script.

"># ./qemu.sh

After QEMU TCG boots, run poc. On a successful exploit, it escapes the guest and creates the /ITScape file on the host.

# ./poc<br>...<br>[+] /ITScape created by the host kernel (owner uid=0). verify: ls -la /ITScape<br># ls -la /ITScape<br>-rw-r--r-- 1 0 0 0 Jun 9 00:02 /ITScape

This PoC is intended to provide accurate information. Do not use it on systems you are not authorized to test.

Affected Versions

ITScape (CVE-2026-46316) covers the range from 8201d1028caa (2024-04-25) to 13031fb6b835 (2026-06-05).

FAQ

Should I be worried?

If you operate an arm64 KVM host that accepts multi-tenant guests, or use an instance on top of one, check that the 13031fb6b835 patch is applied...