CVE-2026-45782
Vulnerability Description
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same head_index while asynchronous block I/O is enabled (e.g. io_uring, aio). When the kernel completes the duplicate operation before the original, the completion path frees a bounce buffer that the kernel is still actively reading from or writing to, corrupting the freed memory. This issue has been patched in versions 51.2 and 52.0.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-416
Source
NVD
Vendor
cloud-hypervisor
Product
cloud-hypervisor
External References
- https://github.com/cloud-hypervisor/cloud-hypervisor/commit/1314ac883c641f1045bbb06dec0de045a3894baa
- https://github.com/cloud-hypervisor/cloud-hypervisor/pull/8220
- https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v51.2
- https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v52.0
- https://github.com/cloud-hypervisor/cloud-hypervisor/security/advisories/GHSA-f47p-p25q-83rh
Discussion (0)
Add Comment
No comments yet. Be the first!