CVE-2026-45782: Cloud Hypervisor: Use-after-free in virtio-block Async I/O Completion
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same head_index while asynchronous block I/O is enabled (e.g. io_uring, aio). When the kernel completes the duplicate operation before the original, the completion path frees a bounce buffer that the kernel is still actively reading from or writing to, corrupting the freed memory. This issue has been patched in versions 51.2 and 52.0.
Metrics
- CVSS v4.0: 8.9
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
Use-after-free in Cloud Hypervisor's virtio-block asynchronous I/O completion path, affecting versions 21.0 through 51.1. A guest operating system can trigger the bug without any host-side authentication by submitting two virtio-block descriptor chains that share the same head_index while async I/O (io_uring or aio) is active; when the kernel resolves the duplicate operation first, the host process frees a bounce buffer that the kernel is still reading from or writing to, corrupting memory. Successful exploitation gives an attacker full read, write, and denial-of-service capability against the cloud-hypervisor host process and potentially any co-resident virtual machines. No fix version has been published upstream yet; HarborGuard tracks the advisory and will make a patched-image rebuild available as soon as a fix is released.
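The race described in the advisory text and in the synopsis above reduces to one invariant that a completion path depends on: at most one request per descriptor head index may be in flight at a time, because the completion handler maps a finished operation back to its request (and its bounce buffer) by that index. The Rust model below is an added example, not Cloud Hypervisor's code and not its fix (the real completion path, bounce-buffer handling and the change in PR 8220 are not reproduced here). `BlockQueue`, `submit`, `complete`, the `strict` flag and the buffer ids are assumptions, and the vulnerable branch's behaviour (the duplicate chain resolving to the existing request's buffer) is a modelling simplification, not a claim about the upstream code. The model cannot corrupt memory; instead it reports the hazard as an explicit `UseAfterFree` result when a buffer is freed while a backend operation still references it.

```rust
// Added illustrative model (assumption, not Cloud Hypervisor code): a virtio-block
// request table keyed by descriptor head index. The async backend (io_uring/aio)
// is modelled as a queue of (head, buffer id) pairs; buffer ids stand in for the
// bounce buffers the advisory describes.
use std::collections::{HashMap, HashSet, VecDeque};

#[derive(Debug, PartialEq)]
pub enum SubmitError {
    /// Hardened mode: the guest re-submitted a head index that is still in flight.
    DuplicateHead(u16),
}

#[derive(Debug, PartialEq)]
pub enum CompletionError {
    NoSuchOp,
    UnknownHead(u16),
    DoubleFree(u64),
    /// The buffer just freed is still referenced by an operation the backend has not finished.
    UseAfterFree(u64),
}

pub struct BlockQueue {
    /// What the VMM believes is in flight: head index -> bounce buffer id.
    table: HashMap<u16, u64>,
    /// Operations still owned by the async backend (the kernel), in submission order.
    backend: VecDeque<(u16, u64)>,
    freed: HashSet<u64>,
    next_buf: u64,
    /// true = reject a duplicate head index at submission (the assumed hardened behaviour).
    strict: bool,
}

impl BlockQueue {
    pub fn new(strict: bool) -> Self {
        BlockQueue {
            table: HashMap::new(),
            backend: VecDeque::new(),
            freed: HashSet::new(),
            next_buf: 0,
            strict,
        }
    }

    /// Guest submits a descriptor chain whose head index is `head`.
    pub fn submit(&mut self, head: u16) -> Result<u64, SubmitError> {
        let buf = match self.table.get(&head).copied() {
            Some(_) if self.strict => return Err(SubmitError::DuplicateHead(head)),
            // Modelled vulnerable behaviour (assumption): the duplicate chain resolves to the
            // existing request slot, so a second backend op is issued against the same buffer.
            Some(existing) => existing,
            None => {
                let id = self.next_buf;
                self.next_buf += 1;
                self.table.insert(head, id);
                id
            }
        };
        self.backend.push_back((head, buf));
        Ok(buf)
    }

    /// The backend finishes the op at `op_index` (the kernel may finish ops in any order);
    /// the VMM completion path then looks the request up by head index and frees its buffer.
    pub fn complete(&mut self, op_index: usize) -> Result<(), CompletionError> {
        let (head, _) = self.backend.remove(op_index).ok_or(CompletionError::NoSuchOp)?;
        let buf = self.table.remove(&head).ok_or(CompletionError::UnknownHead(head))?;
        if !self.freed.insert(buf) {
            return Err(CompletionError::DoubleFree(buf));
        }
        // The hazard the advisory describes: freed while the backend still references it.
        if self.backend.iter().any(|&(_, b)| b == buf) {
            return Err(CompletionError::UseAfterFree(buf));
        }
        Ok(())
    }

    /// Number of operations the backend still owns.
    pub fn in_flight(&self) -> usize {
        self.backend.len()
    }
}

fn main() {
    // Constructed scenario: two chains with head index 5, the duplicate completes first.
    let mut vulnerable = BlockQueue::new(false);
    vulnerable.submit(5).unwrap();
    vulnerable.submit(5).unwrap();
    println!("vulnerable model, duplicate completes first: {:?}", vulnerable.complete(1));

    let mut hardened = BlockQueue::new(true);
    hardened.submit(5).unwrap();
    println!("hardened model, second submit: {:?}", hardened.submit(5));
    println!("hardened model, completion: {:?}", hardened.complete(0));
}
```

The point of the `strict` branch is where the check lives: rejecting the duplicate at submission time, before anything is handed to the backend, means the completion handler never has to disambiguate two operations that share a head index, and a head index becomes reusable only after its single request has completed. A device model that instead tries to repair the situation in the completion path still has to know which of the two operations owns the buffer, which is exactly the information the shared index destroys.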
HarborGuard Coverage
- Detection (Available): detection is available across every HarborGuard environment. The CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Cloud Hypervisor. Any image in a connected registry or CI pipeline running an affected version (21.0 through 51.1) is flagged automatically.
- Triage (Available): HarborGuard surfaces this CVE with its CVSS v4.0 score of 8.9 (HIGH) and weights it against each environment's compliance policy to determine urgency and routing. Triage tickets are delivered to the team inbox configured for the affected workload, along with the affected version range and the exploit preconditions.
- Remediation (Pending upstream): because no upstream fix version has been published, HarborGuard re-evaluates the advisory on every ingest cycle and will make a patched-image rebuild available the moment the upstream maintainers ship versions 51.2 or 52.0. For customers who opt into auto-remediation, the rebuild, regression-test run, and PR against affected workloads will be triggered automatically once a fix is available.
Exploit Conditions
- Network reachability: Not required. The attacker needs an existing shell or process on the host, or control of a guest VM; no network path to the host is required to trigger the virtio-block completion race.
- Authentication: Not required. No host-level credentials are needed; a guest with access to a virtio-block device can submit the malicious descriptor chains without any authentication.
- Victim interaction: Not required. No human interaction on the host side is required; the race is triggered entirely by the guest submitting crafted I/O descriptors.
- Attack complexity: Timing-dependent. The exploit relies on a timing-dependent condition (AT:P): the kernel must complete the duplicate async I/O operation before the original, introducing a race that may require repeated attempts to win reliably.
Blast Radius
- An attacker reads arbitrary memory from the cloud-hypervisor process, exposing encryption keys, guest memory contents, and host credentials held in that process.
- An attacker writes to freed memory regions, redirecting control flow or corrupting data structures inside cloud-hypervisor.
- The cloud-hypervisor process crashes or becomes unresponsive, taking down all virtual machines it manages on that host.
- Because the subsequent-system metrics SC/SI/SA (confidentiality, integrity, and availability of systems beyond the vulnerable one) are all rated High, impact extends beyond the originating guest VM to co-resident workloads sharing the same host hypervisor instance.
How HarborGuard Handles This
Available on HarborGuard: because no upstream patch exists for CVE-2026-45782, HarborGuard continuously re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment versions 51.2 or 52.0 are published.
In the interim, compensating controls are available to reduce exposure:
- network-policy isolation can restrict which workloads are permitted to attach virtio-block devices;
- where your deployment model allows it, disabling async I/O backends (io_uring and aio) in favor of synchronous I/O eliminates the race condition entirely;
- egress filtering on the hypervisor host can limit the blast radius if the process is compromised.
Where compliance policy permits, auto-remediation customers will receive the rebuild, regression-test run, and an opened PR against affected workloads within minutes of upstream publication; for environments with auto-remediation enabled, the median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes.
Affected Products
- cloud-hypervisor / cloud-hypervisor: >= 21.0, < 51.2
CVSS vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
References
- https://github.com/cloud-hypervisor/cloud-hypervisor/security/advisories/GHSA-f47p-p25q-83rh
- https://github.com/cloud-hypervisor/cloud-hypervisor/pull/8220
- https://github.com/cloud-hypervisor/cloud-hypervisor/commit/1314ac883c641f1045bbb06dec0de045a3894baa
- https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v51.2
- https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v52.0