CVE-2026-46316, also known as ITScape, is a critical guest-to-host escape vulnerability in the vGIC-ITS (Interrupt Translation Service) emulation component of KVM/arm64. The issue was disclosed by researcher Hyunwoo Kim and affects ARM64-based virtualized infrastructures where untrusted guest operating systems are commonly deployed. The vulnerability stems from a race condition in the vgic_its_invalidate_cache() function. In practice, this leads to a double-use-after-free scenario, which can be leveraged to execute host kernel code. For multitenant cloud environments, this is a particularly serious risk, as a successful exploit could break isolation between a guest and the host...