CVE-2026-45782
Severity CVSS v4.0:
HIGH
Type:
CWE-416
Use After Free
Publication date:
10/06/2026
Last modified:
10/06/2026
Description
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same head_index while asynchronous block I/O is enabled (e.g. io_uring, aio). When the kernel completes the duplicate operation before the original, the completion path frees a bounce buffer that the kernel is still actively reading from or writing to, corrupting the freed memory. This issue has been patched in versions 51.2 and 52.0.
Impact
Base Score 4.0
8.90
Severity 4.0
HIGH
References to Advisories, Solutions, and Tools
- https://github.com/cloud-hypervisor/cloud-hypervisor/commit/1314ac883c641f1045bbb06dec0de045a3894baa
- https://github.com/cloud-hypervisor/cloud-hypervisor/pull/8220
- https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v51.2
- https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v52.0
- https://github.com/cloud-hypervisor/cloud-hypervisor/security/advisories/GHSA-f47p-p25q-83rh



