CVE-2026-45782

EUVD-2026-35870

10.06.2026, 00:16

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same head_index while asynchronous block I/O is enabled (e.g. io_uring, aio). When the kernel completes the duplicate operation before the original, the completion path frees a bounce buffer that the kernel is still actively reading from or writing to, corrupting the freed memory. This issue has been patched in versions 51.2 and 52.0.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://github.com/cloud-hypervisor/cloud-hypervisor/commit/1314ac883c641f1045bbb06dec0de045a3894baa

https://github.com/cloud-hypervisor/cloud-hypervisor/pull/8220

https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v51.2

https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v52.0

https://github.com/cloud-hypervisor/cloud-hypervisor/security/advisories/GHSA-f47p-p25q-83rh