CVE-2026-27211
📋 TL;DR
Cloud Hypervisor versions 34.0 through 50.0 are vulnerable to host file exfiltration when a guest is given a writable raw image on a virtio-block device. A guest with write access to its own raw disk can overwrite the first sectors of that image with a QCOW2 header whose backing-file field names an arbitrary host path. On the next reboot of the VM the hypervisor re-detects the image format, treats the raw image as QCOW2, and serves the contents of the named host file to the guest as the backing store. Only deployments that expose writable raw images, or that boot images from untrusted sources, are affected.
💻 Affected Systems
- Cloud Hypervisor 34.0 through 50.0 (virtio-block devices backed by raw disk images)
📦 What is this software?
Cloud Hypervisor, the open-source virtual machine monitor maintained by the cloud-hypervisor project on GitHub.
⚠️ Risk & Real-World Impact
Worst Case
Disclosure of any host file the cloud-hypervisor process can read, which in a typical deployment includes VM configuration files, secrets passed to the hypervisor, and the disk images of other VMs on the same host.
Likely Case
Exfiltration of specific host files that the attacker names in the crafted header, bounded by the privileges of the cloud-hypervisor process and by host file permissions.
If Mitigated
No impact if raw images are presented to guests read-only, images come from trusted sources, and the hypervisor process is sandboxed so it cannot open files outside the VM's own storage.
🎯 Exploit Status
Requires a compromised or attacker-controlled guest with write access to its raw disk image. The guest itself triggers the VM reboot that makes the hypervisor re-read the image header; no host-side action and no restart of the hypervisor process is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 50.1
Vendor Advisory: https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v50.1
Restart Required: Yes. Each VM is run by its own cloud-hypervisor process, and the fix only takes effect for a VM once that process is started from the patched binary; a guest-initiated reboot inside a running, unpatched process stays vulnerable.
Instructions:
1. Stop all VMs running under Cloud Hypervisor.
2. Update Cloud Hypervisor to version 50.1 or later.
3. Start the VMs again with the updated binary.
4. Verify the update with 'cloud-hypervisor --version'.
🔧 Temporary Workarounds
Enable Landlock Sandboxing
Platform: linux
Restrict the filesystem view of the cloud-hypervisor process with the Landlock LSM so that it can only open the VM's own image and device paths, and cannot follow a crafted backing-file path to other host files. Cloud Hypervisor exposes this through its command line (the '--landlock-enable' and '--landlock-rules <path:access>' options; confirm the exact option names and syntax against 'cloud-hypervisor --help' for your version). Landlock requires a kernel that ships it (Linux 5.13 or later), and the rules must grant only the paths each VM legitimately needs.
Use Read-Only Trusted Images
Platform: all
Present raw images to guests read-only wherever the workload allows it (the 'readonly=on' option of '--disk'; confirm against 'cloud-hypervisor --help'), so that a guest cannot rewrite the image header in the first place, and only boot images that come from a trusted source whose integrity has been verified. Note that a raw image the guest must be able to write to remains exposed under this workaround; combine it with sandboxing.
🧯 If You Can't Patch
- Run each cloud-hypervisor process with the least privilege it needs (a dedicated unprivileged user per VM, no read access to other VMs' images or to host secrets), so that a crafted backing-file path resolves to nothing useful
- Periodically audit images that are configured as raw for a QCOW2 magic ('QFI' followed by byte 0xfb) at offset 0; a raw image that suddenly carries one has been rewritten by its guest
- Monitor for unexpected guest-initiated VM reboots and for disk image format changes between boots
🔍 How to Verify
Check if Vulnerable:
Check the Cloud Hypervisor version with 'cloud-hypervisor --version'. If the version is between 34.0 and 50.0 inclusive and any VM uses a virtio-block device backed by a writable raw image, the host is vulnerable.
Check Version:
cloud-hypervisor --version
Verify Fix Applied:
Verify that 'cloud-hypervisor --version' reports 50.1 or later for the binary that actually starts your VMs (not just the one first on PATH), and that every running VM has been restarted under it. To test the fix, boot a disposable guest on a writable raw image, have it write a QCOW2 header with a backing-file path to a known host file, reboot the guest, and confirm the guest cannot read that file's contents from its disk.
📡 Detection & Monitoring
Log Indicators:
- Unexpected guest-initiated VM reboots, especially shortly after a guest has written to the start of its disk
- A disk image configured as raw being detected as QCOW2 (or any other container format) at boot
- Attempts by the hypervisor process to open host paths that are not part of any VM's configured storage (visible in audit logs or Landlock denials, if enabled)
Network Indicators:
- None specific to this issue: the data moves from host file to guest disk, not over the network. Any outbound transfer of the stolen content from the guest afterwards looks like ordinary guest traffic
SIEM Query:
source="cloud-hypervisor" AND (event="vm_reboot" OR event="disk_scan") | stats count by vm_id
The 'event' values above are placeholders; map them to whatever your log pipeline records for guest-initiated reboots and disk image format detection.
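The following script is an added example and is not code from the advisory or the Cloud Hypervisor project. It ties together the mechanism described in the TL;DR, the version check under "How to Verify", and the host-side audit suggested under "Detection": it builds a QCOW2 header whose backing-file field names an arbitrary host path (used here only as a constructed fixture), scans images that are supposed to be raw for such a header, and classifies the output of 'cloud-hypervisor --version' against the affected range. The QCOW2 header layout is the public QEMU qcow2 specification; the format of the version string, the sample file paths and the hypothetical backing path are assumptions.

```python
"""Host-side audit helpers for the raw-image / QCOW2-header issue in
Cloud Hypervisor 34.0 - 50.0.

Added example; not code from the advisory or the Cloud Hypervisor project.
Assumptions (version string format, sample paths) are marked inline.
"""
import os
import re
import struct
import tempfile
from typing import Optional

QCOW2_MAGIC = b"QFI\xfb"
# Fixed qcow2 v2 header (72 bytes, big-endian) per the QEMU qcow2 specification:
# magic, version, backing_file_offset, backing_file_size, cluster_bits, size,
# crypt_method, l1_size, l1_table_offset, refcount_table_offset,
# refcount_table_clusters, nb_snapshots, snapshots_offset
QCOW2_HDR = struct.Struct(">4sIQIIQIIQQIIQ")
MAX_BACKING_NAME = 1023              # spec limit; anything larger is malformed
AFFECTED_RANGE = ((34, 0), (50, 0))  # inclusive, per the advisory


def craft_qcow2_header(backing_path: bytes, virtual_size: int = 64 << 20) -> bytes:
    """Minimal qcow2 v2 header whose backing file is `backing_path`.

    This is the shape of what a guest would have to write to sector 0 of its
    own raw disk; here it serves only as a fixture for the scanner below.
    Table offsets are placeholders that keep the header well-formed.
    """
    cluster_bits = 16
    backing_off = QCOW2_HDR.size  # backing-file name stored right after the header
    hdr = QCOW2_HDR.pack(QCOW2_MAGIC, 2, backing_off, len(backing_path),
                         cluster_bits, virtual_size, 0, 1,
                         1 << cluster_bits, 2 << cluster_bits, 1, 0, 0)
    return hdr + backing_path


def inspect_image(path: str) -> Optional[dict]:
    """Return None if `path` does not start with a qcow2 magic; otherwise the
    header version and the backing-file name it points at (None if absent)."""
    with open(path, "rb") as f:
        head = f.read(QCOW2_HDR.size)
        if len(head) < QCOW2_HDR.size or head[:4] != QCOW2_MAGIC:
            return None
        fields = QCOW2_HDR.unpack(head)
        version, backing_off, backing_len = fields[1], fields[2], fields[3]
        backing = None
        if backing_off and 0 < backing_len <= MAX_BACKING_NAME:
            f.seek(backing_off)
            backing = f.read(backing_len)
    return {"version": version, "backing_file": backing,
            "absolute_backing": bool(backing) and backing.startswith(b"/")}


def audit_raw_images(paths):
    """Images configured as raw must never carry a qcow2 magic. Any that do are
    returned together with the backing path, i.e. the host file a vulnerable
    hypervisor would serve to the guest after its next reboot."""
    findings = []
    for p in paths:
        info = inspect_image(p)
        if info is not None:
            findings.append((p, info["backing_file"]))
    return findings


def parse_version(output: str):
    """Extract (major, minor) from `cloud-hypervisor --version` output.
    Assumed format: a token like 'v50.1.0' somewhere in the string."""
    m = re.search(r"\bv?(\d+)\.(\d+)(?:\.\d+)?", output)
    return (int(m.group(1)), int(m.group(2))) if m else None


def is_affected_version(output: str) -> bool:
    v = parse_version(output)
    return v is not None and AFFECTED_RANGE[0] <= v <= AFFECTED_RANGE[1]


def demo():
    """Constructed sample: one clean raw disk and one a guest has rewritten."""
    d = tempfile.mkdtemp()
    clean = os.path.join(d, "vm-a.raw")
    tampered = os.path.join(d, "vm-b.raw")
    with open(clean, "wb") as f:
        f.write(b"\0" * 4096)
    with open(tampered, "wb") as f:
        # hypothetical host path, chosen for illustration only
        f.write(craft_qcow2_header(b"/var/lib/cloud-hypervisor/other-vm.raw"))
        f.write(b"\0" * 4096)
    return audit_raw_images([clean, tampered])


if __name__ == "__main__":
    for path, backing in demo():
        print(f"{path}: qcow2 header on raw image, backing file -> {backing!r}")
    print("affected:", is_affected_version("cloud-hypervisor v45.0.0"))
```

Run `audit_raw_images` over the image paths from your VM configurations; a hit on an image you configured as raw is the strongest host-side indicator for this issue, since a legitimate raw image never starts with the qcow2 magic. A relative backing path in a genuine qcow2 image is normal and is not reported by this scanner unless the image was supposed to be raw.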
🔗 References
- https://github.com/cloud-hypervisor/cloud-hypervisor/commit/081a6ebb5184228ff348601502258f3f72bd8b43
- https://github.com/cloud-hypervisor/cloud-hypervisor/commit/509832298b6865365b00bda88722e76e41ce7f41
- https://github.com/cloud-hypervisor/cloud-hypervisor/commit/a63315df54e06f6ec867f17b63076c266e2d8648
- https://github.com/cloud-hypervisor/cloud-hypervisor/commit/cb495959a8bea1b56e8fc82d15ba527a0e7fcf3c
- https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v50.1
- https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v51.0
- https://github.com/cloud-hypervisor/cloud-hypervisor/security/advisories/GHSA-jmr4-g2hv-mjj6