Run Cloud Virtual Machines Securely and Efficiently

Cloud Hypervisor is an open source Virtual Machine Monitor (VMM) implemented in Rust that focuses on running modern, cloud workloads, with minimal hardware emulation.

Get Started

Get the source on GitHub

Secure 🔒

Minimal emulated devices and implemented in Rust to avoid many common security issues

Fast ⚡️

Boot to userspace in less than 100ms with direct kernel boot

🪟 & 🐧

Supports running modern Linux and Windows guests

Kata Containers

Supported by Kata Containers for running secure containerised workloads

Powerful REST API

Programmatically control the lifecyle of the VM using an HTTP API

Slim

Minimal memory overhead for dense deployments

Cross platform

Runs on both x86-64 and aarch64

Broad device support

Support for wide range of paravirtualised devices and physical device passthrough

Live migration

Migrate VMs from one host to another without interruption

Get Involved:

Cloud Hypervisor is governed openly as part of the Linux Foundation and supported by multiple organisations:

  • Alibaba
  • AMD
  • Ampere
  • ARM
  • ByteDance
  • Intel
  • Microsoft
  • Tencent Cloud

Join our Slack community: Invite

Participate in our community activities: Slack channel

Check out and participate in our roadmap on GitHub

For full details of our governance model please see our community repository on GitHub and our founding charter.

For bug reports please use GitHub isssues; for broader community discussions please use our mailing list

Latest news from Cloud Hypervisor project:

Cloud Hypervisor v46.0 Released!

Posted May 23, 2025 by Cloud Hypervisor Team ‐ 2 min read

This release has been tracked in v46.0 group of our roadmap project.

File-level Locking Support with --disk

Now file-level locking is enforced for disk images, provided by users with --disk. This ensures that only a single Cloud Hypervisor instance can obtain write access to a given disk image at any time, preventing misconfiguration and avoiding potential data corruption. (#6974)

Improved Error Reporting with VM Resizing

Instead of returning a generic error 400 (e.g. BadRequest), users now get a more specific error 429 (e.g. TooManyRequests) when a pending VM resizing is not completed. This allows users to better handle different errors, say retrying the request when applicable. (#7043)

IPv6 Address Support with --net

It is now possible to specify an IPv6 address and mask when creating a network interface with --net. (#7048)

Experimental AArch64 Support with the MSHV Hypervisor

It is now possible to start VMs on AArch64 platforms when using MSHV hypervisor. (#7055)

Deprecated SGX Support

The SGX support now is deprecated with a warning message if it being used, with the intention to remove its support from our code base in two release cycles (e.g. v48.0). (#7090)

Notable Bug Fixes

  • Remove path as required for DiskConfig from the OpenAPI spec file (#7017)
  • Properly parse PCI capabilities (#7018)
  • Reprogram PCI device BAR when its MSE bit is set (#7063)
  • Update IOMMU mappings of MMIO regions with BAR reprogram for VFIO devices (#7064)
  • Avoid resizing VMs to zero vCPUs (#7086)
  • Fix extended topology enumeration leaf exposed to the guest (#7087)

Contributors

Many thanks to everyone who has contributed to our release:

Download

See the GitHub Release for the release assets.