Run Cloud Virtual Machines Securely and Efficiently

Cloud Hypervisor is an open source Virtual Machine Monitor (VMM) implemented in Rust that focuses on running modern, cloud workloads, with minimal hardware emulation.

Get the source on GitHub

Secure 🔒

Minimal emulated devices and an implementation in Rust avoid many common security issues

Fast ⚡️

Boot to userspace in less than 100ms with direct kernel boot

🪟 & 🐧

Supports running modern Linux and Windows guests

Kata Containers

Supported by Kata Containers for running secure containerised workloads

Powerful REST API

Programmatically control the lifecycle of the VM using an HTTP API

Slim

Minimal memory overhead for dense deployments

Cross platform

Runs on both x86-64 and aarch64

Broad device support

Support for a wide range of paravirtualised devices and physical device passthrough

Live migration

Migrate VMs from one host to another without interruption

Get Involved:

Cloud Hypervisor is governed openly as part of the Linux Foundation and supported by multiple organisations:

  • Alibaba
  • AMD
  • Ampere
  • ARM
  • ByteDance
  • Cyberus Technology
  • Intel
  • Microsoft
  • SAP
  • Tencent Cloud

Join our Slack community: Invite

Participate in our community activities: Slack channel

Check out and participate in our roadmap on GitHub

For full details of our governance model please see our community repository on GitHub and our founding charter.

For bug reports please use GitHub issues; for broader community discussions please use our mailing list.

Latest news from Cloud Hypervisor project:

Cloud Hypervisor v51.0 Released!

Posted February 20, 2026 by Cloud Hypervisor Team

This release has been tracked in the v51.0 group of our roadmap project.

Security Fixes

This release fixes a security vulnerability in disk image handling. Details can be found in GHSA-jmr4-g2hv-mjj6.

  • A new backing_files=on|off option has been added to --disk to explicitly control whether QCOW2 backing files are permitted. This defaults to off to prevent the loading of backing files entirely. (#7685)
  • The image type can now be specified explicitly via the user interface, removing reliance on format autodetection (#7728).
  • Prevent sector-zero writes for autodetected raw images (#7728).

Significant QCOW2 v3 Improvements

A large number of QCOW2 v3 specification features have been implemented:

  • RAW backing file support for QCOW2 overlays (#7570)
  • Zero bit in L2 entries (#7627)
  • Incompatible feature bit validation (#7612)
  • Dirty bit support (#7636)
  • Variable refcount widths (1 to 64-bit) (#7633)
  • Corrupt bit detection and marking (#7639)
  • Autoclear feature bits handling (#7648)
  • Thread safety fix for multiple virtio queues (num_queues > 1) (#7661)
  • Correct zero-fill for reads beyond backing file size (#7678)
  • Live disk resize support (#7687)
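
As an added example (not Cloud Hypervisor's own code), the Rust below reads the QCOW2 header fields that the security fixes and the feature list above refer to: the backing file reference, the dirty and corrupt incompatible-feature bits, and the refcount order. Field offsets follow the QCOW2 specification; `Qcow2Info`, `inspect_qcow2` and `sample_v3` are hypothetical names, and the sample header is constructed.

```rust
// Added example: pre-flight inspection of a QCOW2 header (all fields big-endian).
#[derive(Debug)]
pub struct Qcow2Info {
    pub version: u32,
    pub has_backing_file: bool, // backing_file_offset (bytes 8..16) is non-zero
    pub dirty: bool,            // incompatible feature bit 0
    pub corrupt: bool,          // incompatible feature bit 1
    pub other_incompat: u64,    // remaining incompatible bits, left to caller policy
    pub refcount_bits: u32,     // 1 << refcount_order
}

fn be(b: &[u8], off: usize, len: usize) -> u64 {
    b[off..off + len].iter().fold(0, |acc, &x| (acc << 8) | x as u64)
}

/// Ok(None) means the buffer does not start with the QCOW2 magic.
pub fn inspect_qcow2(hdr: &[u8]) -> Result<Option<Qcow2Info>, String> {
    if !hdr.starts_with(b"QFI\xfb") { return Ok(None); }
    if hdr.len() < 72 { return Err("truncated header".to_string()); }
    let version = be(hdr, 4, 4) as u32;
    let (incompat, order) = match version {
        2 => (0, 4), // v2: no feature bits, refcounts fixed at 16 bits
        3 if hdr.len() >= 104 => (be(hdr, 72, 8), be(hdr, 96, 4)),
        3 => return Err("truncated v3 header".to_string()),
        v => return Err(format!("unsupported version {}", v)),
    };
    if order > 6 { return Err(format!("refcount_order {} exceeds 64-bit refcounts", order)); }
    Ok(Some(Qcow2Info {
        version,
        has_backing_file: be(hdr, 8, 8) != 0,
        dirty: incompat & 1 != 0,
        corrupt: incompat & 2 != 0,
        other_incompat: incompat & !0b11,
        refcount_bits: 1u32 << order,
    }))
}

/// Constructed sample: a 104-byte v3 header, not taken from a real image.
pub fn sample_v3(backing_off: u64, incompat: u64, order: u32) -> Vec<u8> {
    let mut h = vec![0u8; 104];
    h[..4].copy_from_slice(b"QFI\xfb");
    h[4..8].copy_from_slice(&3u32.to_be_bytes());
    h[8..16].copy_from_slice(&backing_off.to_be_bytes());
    h[72..80].copy_from_slice(&incompat.to_be_bytes());
    h[96..100].copy_from_slice(&order.to_be_bytes());
    h
}

fn main() {
    let info = inspect_qcow2(&sample_v3(0x1000, 0b01, 4)).unwrap().unwrap();
    println!("backing file: {}, dirty: {}", info.has_backing_file, info.dirty);
}
```

Run over the first 104 bytes of each image in an inventory, this flags images that declare a backing file before they are attached with `backing_files=on`, and images that are meant to be raw but parse as QCOW2.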

ACPI Generic Initiator Support

ACPI Generic Initiator Affinity (SRAT Type 5) support has been added to associate VFIO-PCI devices with dedicated memory/CPU-less NUMA nodes. This enables the guest OS to make NUMA-aware memory allocation decisions for device workloads. A new device_id parameter has been added to --numa for specifying VFIO devices. (#7626)

Block Device DISCARD and WRITE_ZEROES Support

The virtio-blk device now supports DISCARD and WRITE_ZEROES operations for QCOW2 and RAW image formats. This enables thin provisioning and efficient space reclamation when guests trim filesystems. A new sparse=on|off option has been added to --disk to control disk space management: sparse=on (default) enables thin provisioning with space reclamation, while sparse=off provides thick provisioning with consistent I/O latency. (#7666)

Notable Performance Improvements

  • Transparent Huge Pages (THP) support has been extended to cover anonymous shared memory (shared=on) via madvise. Previously, THP was only used for non-shared memory. (#7646)
  • The vhost-user-net device now uses the default set of vhost-user virtio features, including VIRTIO_F_RING_INDIRECT_DESC, which provides a performance improvement. (#7653)

MSHV Support Improvements

  • Optimize CPU state update after emulation by only updating special registers when changed (#7603)
  • Enable SMT for guests with threads_per_core > 1 (#7668)
  • Stub save_data_tables() to unblock VM pause/resume (#7692)
  • Handle GHCB_INFO_SPECIAL_DBGPRINT VMG exit in SEV-SNP guest exit handler (#7703)
  • Fix CVM boot failure on MSHV (#7548)
  • Fix CPU topology detection for multithreaded configurations (#7576)

Notable Bug Fixes

  • Fix VFIO device hot-remove leaving group and container file descriptors open, preventing re-add (#7676)
  • Fix snapshot restore when backing file is on read-only storage with shared=false (#7674)
  • Enforce VIRTIO_BLK_F_RO even if guest does not negotiate it (#7705)
  • Fix read-only block device FLUSH requests from OVMF preventing VMs from booting (#7706)
  • Fix vhost-user device not properly dropping unowned file descriptors (#7679)
  • Fix vhost-user-block get_config interoperability (#7617)
  • Fix vsock TOCTOU race condition by copying packet header from guest memory before processing (#7530)
  • Fix vsock handling of large TX packets spanning multiple data descriptors (#7680)
  • Add gettid() to all seccomp filters (#7596)
  • Fix MAC address parsing that wrongly allowed + instead of hex characters (#7579)
  • Improve UUID parse error message and --net fd help text (#7702)
  • Fix various inconsistencies in our OpenAPI specification file (#7716, #7726)
  • Various documentation fixes (#7602, #7606)

Contributors

Many thanks to everyone who has contributed to our release:

Download

See the GitHub Release for the release assets.