Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home News
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

ITScape: Guest-to-Host Escape in KVM/arm64

tentortentor Member, Host Rep
edited June 11 in News

ITScape (CVE-2026-46316) is a KVM escape vulnerability in KVM/arm64 that allows a guest to escape to the host and execute commands on the host with kernel privileges (root). As far as is publicly known, this is the first guest-to-host escape exploit research targeting KVM/arm64. This is not one of the commonly disclosed QEMU escapes.

This vulnerability can threaten the guest-host isolation of KVM/arm64 hosts that run guests, particularly multi-tenant arm64 public clouds.

CVE-2026-46316 was reported to [email protected] and has been patched in mainline:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13031fb6b8357fbbcded2a7f4cba73e4781ee594

"ITScape" essentially refers only to CVE-2026-46316, for which a working exploit has been demonstrated. It is recommended to apply the following two patches:

Thanked by 8oloke nghialele gatewaysentryllc mandala buggedout WyvernCo 384_cz Porlam

Comments

Sign In or Register to comment.