whatisgithub

What is itscape?

v4bel/itscape — explained in plain English

Analysis updated 2026-05-18

91CAudience · researcherComplexity · 5/5Setup · hard

In one sentence

A documented security bug that let someone inside a virtual machine on arm64 KVM break out and gain root control of the host computer.

Mindmap

mindmap
  root((ITScape))
    What it does
      Documents a KVM escape bug
      Proves guest can control host
      Explains the race condition
    Tech stack
      C
      Linux kernel
      KVM arm64
      QEMU for testing
    Use cases
      Study virtualization security
      Verify a patch is applied
      Learn kernel vulnerability research
    Audience
      Security researchers
      Cloud infrastructure operators
      Kernel developers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Confirm whether a cloud host's arm64 kernel has the relevant security patch applied.

USE CASE 2

Study how a real world virtual machine escape vulnerability was discovered and exploited.

USE CASE 3

Use the proof of concept as a reference when researching similar kernel-level virtualization bugs.

What is it built with?

CLinux kernelKVMQEMUarm64

How does it compare?

v4bel/itscapenirvanaon/spotifyc2chaelsoo/hollow
Stars919880
LanguageCCC
Setup difficultyhardmoderatemoderate
Complexity5/53/53/5
Audienceresearcherdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1day+

Requires building a custom Linux kernel and running it under QEMU with specific kconfig and tooling.

No license information is provided in the README.

So what is it?

ITScape is a security research project that documents and demonstrates a serious bug in KVM, the technology that lets a single physical computer run many separate virtual machines at once. Cloud providers use KVM to give different customers their own isolated virtual servers on shared hardware. This project shows how a flaw in that isolation, specifically in the arm64 version of KVM, could let someone inside one of those virtual machines break out and run commands directly on the underlying host computer with full administrator level access. The bug lives in a part of KVM called vGIC-ITS, which handles how interrupts (signals that tell a computer's processor to pause and handle something urgent) are managed for virtual machines on arm64 hardware, the architecture used in many phones, some laptops, and a growing share of cloud servers. The flaw is a race condition, meaning it depends on two operations happening in an unexpected order or timing. Because the bug sits inside the Linux kernel itself rather than in the separate QEMU software that usually handles virtual machine emulation, it does not depend on QEMU at all, and it gives an attacker host level kernel privileges rather than the lower level access a QEMU process would normally have. The repository includes a proof of concept, a working demonstration that a person inside a guest virtual machine can trigger the bug and create a file on the host computer as proof of the escape. This proof of concept runs inside a QEMU emulated test environment for safety and is built on top of existing Linux kernel testing tools. It is described as a research demonstration rather than a fully weaponized attack tool. Turning it into something usable against a real cloud environment would still require significant additional work tailored to that environment. The project explains which kernel versions are affected, notes that the issue was reported responsibly and patched before publication, and states plainly that it only affects arm64 systems running KVM, not other processor types. It also warns that the code should only be used on systems the reader is authorized to test.

Copy-paste prompts

Prompt 1
Explain in simple terms how a KVM guest-to-host escape vulnerability like ITScape works.
Prompt 2
Walk me through how to check if my arm64 Linux kernel includes the ITScape patch.
Prompt 3
Summarize the affected kernel version range described in this repository.
Prompt 4
Explain what a race condition is using the ITScape vGIC-ITS bug as an example.

Frequently asked questions

What is itscape?

A documented security bug that let someone inside a virtual machine on arm64 KVM break out and gain root control of the host computer.

What language is itscape written in?

Mainly C. The stack also includes C, Linux kernel, KVM.

What license does itscape use?

No license information is provided in the README.

How hard is itscape to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is itscape for?

Mainly researcher.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.