CVE-2026-5747

CVE-2026-5747

Name

CVE-2026-5747

Description

An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue configuration registers after device activation. Achieving code execution on the host requires additional preconditions, such as the use of a custom guest kernel or specific snapshot configurations. To remediate this, users should upgrade to Firecracker 1.14.4 or 1.15.1 and later.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
ff89ba41-3aa1-4d27-914a-91399e9639e5	https://aws.amazon.com/security/security-bulletins/2026-015-aws/
ff89ba41-3aa1-4d27-914a-91399e9639e5	https://github.com/firecracker-microvm/firecracker/releases/tag/v1.14.4
ff89ba41-3aa1-4d27-914a-91399e9639e5	https://github.com/firecracker-microvm/firecracker/releases/tag/v1.15.1
ff89ba41-3aa1-4d27-914a-91399e9639e5	https://github.com/firecracker-microvm/firecracker/security/advisories/GHSA-776c-mpj7-jm3r

Type

URI

ff89ba41-3aa1-4d27-914a-91399e9639e5

https://aws.amazon.com/security/security-bulletins/2026-015-aws/

ff89ba41-3aa1-4d27-914a-91399e9639e5

https://github.com/firecracker-microvm/firecracker/releases/tag/v1.14.4

ff89ba41-3aa1-4d27-914a-91399e9639e5

https://github.com/firecracker-microvm/firecracker/releases/tag/v1.15.1

ff89ba41-3aa1-4d27-914a-91399e9639e5

https://github.com/firecracker-microvm/firecracker/security/advisories/GHSA-776c-mpj7-jm3r

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:amazon:firecracker::::::::`	firecracker	>= 1.13.0	<= 1.14.3
`cpe:2.3:a:amazon:firecracker:1.15.0:-::::::`	firecracker	== None	== 1.15.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:amazon:firecracker:*:*:*:*:*:*:*:*

firecracker

>= 1.13.0

<= 1.14.3

cpe:2.3:a:amazon:firecracker:1.15.0:-:*:*:*:*:*:*

firecracker

== None

== 1.15.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
firecracker	edge-community	1.14.3-r0	omni <omni+alpine@hack.org>	possibly vulnerable
firecracker	edge-community	1.14.1-r0	omni <omni+alpine@hack.org>	possibly vulnerable
firecracker	edge-community	1.14.0-r0	omni <omni+alpine@hack.org>	possibly vulnerable
firecracker	edge-community	1.13.1-r0	omni <omni+alpine@hack.org>	possibly vulnerable
firecracker	3.23-community	1.13.2-r0	omni <omni+alpine@hack.org>	possibly vulnerable
firecracker	3.23-community	1.13.1-r0	omni <omni+alpine@hack.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

firecracker

edge-community

1.14.3-r0

omni <omni+alpine@hack.org>

possibly vulnerable

firecracker

edge-community