CVE-2026-45782
Use-After-Free in Cloud Hypervisor

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: GitHub, Inc.

Description
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same head_index while asynchronous block I/O is enabled (e.g. io_uring, aio). When the kernel completes the duplicate operation before the original, the completion path frees a bounce buffer that the kernel is still actively reading from or writing to, corrupting the freed memory. This issue has been patched in versions 51.2 and 52.0.

Meta Information

Published: 2026-06-10
Last Modified: 2026-06-10
Generated: 2026-06-10
AI Q&A: 2026-06-10
EPSS Evaluated: N/A

Affected Vendors & Products

Vendor            Product           Version / Range
cloud_hypervisor  cloud_hypervisor  From 21.0 (inc) to 51.2 (exc)
cloud_hypervisor  cloud_hypervisor  51.2
cloud_hypervisor  cloud_hypervisor  52.0

CWE ID: CWE-416
Description: The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Compliance Impact

The vulnerability in Cloud Hypervisor (CVE-2026-45782) allows a guest to cause a use-after-free condition leading to memory corruption, which can escalate to arbitrary code execution and a full guest-to-host escape.

This results in high confidentiality, integrity, and availability risks to the affected system and potentially to other systems.

Such risks could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

However, the provided information does not explicitly discuss compliance impacts or specific regulatory considerations.

Executive Summary

CVE-2026-45782 is a use-after-free vulnerability in the Cloud Hypervisor's virtio-block asynchronous I/O completion feature. It occurs when a guest submits two virtio-block descriptor chains that reuse the same head_index while asynchronous block I/O is enabled (such as io_uring or aio). If the kernel completes the duplicate operation before the original, it frees a bounce buffer that is still actively being read from or written to, causing memory corruption.

This memory corruption can lead to uninitialized heap data being copied into the guest or freed memory contents being written to the disk image, creating a memory-corruption primitive in the Virtual Machine Monitor process. This flaw can escalate to arbitrary code execution and a full guest-to-host escape.

The vulnerability affects Cloud Hypervisor versions from 21.0 up to but not including 51.2. It has been patched in versions 51.2 and 52.0.

Impact Analysis

This vulnerability can have severe impacts including memory corruption within the Cloud Hypervisor process, which can be exploited to achieve arbitrary code execution and a full guest-to-host escape.

Because asynchronous I/O on virtio-block is enabled by default, users with default settings are affected. An attacker with local access can exploit this vulnerability with low attack complexity and no need for privileges or user interaction.

  • High confidentiality risk due to potential unauthorized data access.
  • High integrity risk from memory corruption and possible data tampering.
  • High availability risk as exploitation can lead to denial of service or system crashes.

Detection Guidance

The provided resources do not include specific detection methods or commands to identify the presence of this vulnerability on a network or system.

Mitigation Strategies

To mitigate the use-after-free vulnerability in Cloud Hypervisor (CVE-2026-45782), the recommended immediate step is to upgrade to a patched version of Cloud Hypervisor, specifically version 51.2 or 52.0.

Alternatively, if upgrading is not immediately possible, you can disable asynchronous I/O in your VM configuration by setting both _disable_io_uring=on and _disable_aio=on on each virtio-block device. This forces the use of a synchronous backend, which eliminates the risk of the vulnerability but may reduce block I/O performance.
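
As an added example (not part of the advisory or of the Cloud Hypervisor project), the Python script below checks a version string against the affected range and reports disks that lack the workaround flags described above. It assumes the version string comes from `cloud-hypervisor --version` and that disks are given as comma-separated `--disk` values; the function names are hypothetical.

```python
import re

# Affected range from the advisory: 21.0 (inclusive) to 51.2 (exclusive).
FIRST_AFFECTED, FIRST_FIXED = (21, 0), (51, 2)
# Workaround from the advisory: both flags set to "on" on every disk.
REQUIRED_FLAGS = ("_disable_io_uring", "_disable_aio")


def parse_version(text):
    """Extract (major, minor) from e.g. 'cloud-hypervisor v51.1' (assumed format)."""
    match = re.search(r"(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    return int(match.group(1)), int(match.group(2))


def is_affected(version_text):
    return FIRST_AFFECTED <= parse_version(version_text) < FIRST_FIXED


def missing_flags(disk_arg):
    """Return the workaround flags not set to 'on' in one --disk value."""
    options = {}
    for field in disk_arg.split(","):
        key, sep, value = field.partition("=")
        if sep:
            options[key.strip()] = value.strip()
    return [flag for flag in REQUIRED_FLAGS if options.get(flag) != "on"]


def audit(version_text, disk_args):
    """List (disk_arg, missing_flags) for exposed disks; empty if none."""
    if not is_affected(version_text):
        return []
    findings = [(disk, missing_flags(disk)) for disk in disk_args]
    return [(disk, missing) for disk, missing in findings if missing]


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real deployment.
    sample_disks = [
        "path=/var/lib/vm/root.raw,_disable_io_uring=on,_disable_aio=on",
        "path=/var/lib/vm/data.raw,_disable_io_uring=on",
    ]
    for disk, missing in audit("cloud-hypervisor v51.1", sample_disks):
        print(f"EXPOSED {disk}: add {', '.join(f + '=on' for f in missing)}")
```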
